On Wed, Jan 21, 2015 at 05:22:43PM -0500, Tom Yu wrote: > Will Fiveash <will.five...@oracle.com> writes: > > > When talking to a older Solaris KDC that only supports the RPCSEC_GSS > > protocol for change password request, will the current MIT kpasswd > > command just work or does it require some non-default configuration > > (some parameter set in krb5.conf)? > > My recollection is that we used to have a different kpasswd client > program (dating back to the OV*Secure contribution, maybe) that did > speak the kadm5 RPC protocol, but removed it. Now we only have a > kpasswd client that speaks the kpasswd protocol.
Thanks, I was looking through some older notes I made about this and the code and felt I had entered a maze of twisty passages that all looked alike. Anyway (to make sure I'm clear) it's my understanding that MIT back in 1.4 added support for kadmin/kadmind communication via RPCSEC_GSS which made MIT kadmin compatible with Solaris kadmind. My notes on this also implied that the MIT kpasswd was updated to use RPCSEC_GSS or SET_CHANGE: MIT supports a SET_CHANGE protocol for changing password. In 1.4 they added support for our RPCSEC_GSS protocol. It could be that I was mistaken about this which prompted my earlier question. -- Will Fiveash Oracle Solaris Software Engineer ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
