Subject: | Referrals code breaks krb5_set_password_using_ccache to Active Directory |
Using the set change password API involves getting a kadmin/changepw service ticket via
krb5_get_credentials(). This doesn't work against MIT's Active Directory server and prevents
the set change password from succeeding.
lxs@ra-tilt.mit.edu: klist
Kerberos 5 ticket cache: 'API:1'
Default principal: lxs@WIN.MIT.EDU
Valid Starting Expires Service Principal
11/29/06 17:00:06 11/30/06 03:00:07 krbtgt/WIN.MIT.EDU@WIN.MIT.EDU
renew until 12/06/06 17:00:06
lxs@ra-tilt.mit.edu: kvno kadmin/changepw@WIN.MIT.EDU
krb5_get_cred_from_kdc_opt: referral routing loop afer 0 hops
kvno: Cannot contact any KDC for requested realm while getting credentials for 'kadmin/
changepw@WIN.MIT.EDU'
Also we might want to fix the typo in the warning message (s/afer/after).
krb5_get_credentials(). This doesn't work against MIT's Active Directory server and prevents
the set change password from succeeding.
lxs@ra-tilt.mit.edu: klist
Kerberos 5 ticket cache: 'API:1'
Default principal: lxs@WIN.MIT.EDU
Valid Starting Expires Service Principal
11/29/06 17:00:06 11/30/06 03:00:07 krbtgt/WIN.MIT.EDU@WIN.MIT.EDU
renew until 12/06/06 17:00:06
lxs@ra-tilt.mit.edu: kvno kadmin/changepw@WIN.MIT.EDU
krb5_get_cred_from_kdc_opt: referral routing loop afer 0 hops
kvno: Cannot contact any KDC for requested realm while getting credentials for 'kadmin/
changepw@WIN.MIT.EDU'
Also we might want to fix the typo in the warning message (s/afer/after).