[ Usenet FAQs | Search | Web FAQs | Documents | RFC Index ]
Single Page
Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 2.19. What does krb524d do? Do I need to run it?
Next Document: 2.21. How do a rename a principal?
-
Search the FAQ Archives
Single Page
Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 2.19. What does krb524d do? Do I need to run it?
Next Document: 2.21. How do a rename a principal?
2.20. What is v5passwdd? Do I need to run it?
The v5passwdd daemon implements the "old" Kerberos 5 password changing
protocol (before OpenVision donated their admin server).
This protocol is used by a few Kerberos 5 clients; the only ones I know of
are the MIT Win32 Kerberos client, and some Xyplex terminal servers. If you
don't have any programs that use this protocol, or you don't want people who
use those clients to be able to change their password, then you don't need
to run it.
If you do need to run it, you'll need to do the following things:
* Create a special changepw principal, of the form:
o changepw/YOUR.REALM@YOUR.REALM
Make sure this principal has the same attributes as the kadmin/changepw
principal; specificially, set the DISALLOW_TGS_REQ and
PASSWORD_CHANGING_SERVICE attributes.
* Add this principal's key to the admin keytab (see the original
installation instructions for this procedure)
* Start the v5passwdd with the following sample command line:
o v5passwdd -port 464 -T /path/to/admin/keytab
Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 2.19. What does krb524d do? Do I need to run it?
Next Document: 2.21. How do a rename a principal?
Single Page
[ Usenet FAQs | Search | Web FAQs | Documents | RFC Index ]
Send corrections/additions to the FAQ Maintainer:
Ken Hornstein <kenh@cmf.nrl.navy.mil>
Last Update December 05 2008 @ 00:11 AM