directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Karasulu <>
Subject Re: Kerberos password change libraries.
Date Fri, 14 Aug 2009 18:23:28 GMT
On Fri, Aug 14, 2009 at 7:06 PM, CORUM, M E [AG/1000] <> wrote:

> We use VSJ from Quest (which bought Vintela VSJ - excellent software).
> As part of the VSJ Kerberos library, it has support for the "Change
> Password" protocol (which works quite well).

Yeah sounds like great software but I guess this is commercial tho right?

Acutally with we have most of what is needed to write an excellent MINA
based client.  All the PDU's are pretty much defined.  There are not that
many 2-3 maybe?

So it's very easy to provide such a client.  The annoying part is dealing
with a keytab file.

> I'm actually happy to hear
> that ApacheDS supports this.  What version of ApacheDS supports this
> protocol?

ApacheDS has this ability since day one of 1.0.  But it might have been
disabled in some recent releases.  We need to do much more with both KRB5
and ChangePW.


> Thanks,
> Mike Corum
> -----Original Message-----
> From: Bruno Medeiros []
> Sent: Friday, August 14, 2009 10:55 AM
> To:
> Subject: Kerberos password change libraries.
> Hi there.
> My question is not strictly about ApacheDS but I would like to present
> it to this ML nonetheless. So, ApacheDS supports the Kerberos password
> change protocol, but is there any Java library (non-commercial) that
> allows you to make use of that functionality?
> As far as I know JGSS/JAAS don't support that, and the only other Java
> library I found that did is commercial.
> So what is typically used in enterprise environments to do a Kerberos
> change password (Java or otherwise)?
> Regards,
> Bruno Medeiros
> ---------------------------------------------------------------------------------------------------------
> This e-mail message may contain privileged and/or confidential information,
> and is intended to be received only by persons entitled to receive such
> information. If you have received this e-mail in error, please notify the
> sender immediately. Please delete it and all attachments from any servers,
> hard drives or any other media. Other use of this e-mail by you is strictly
> prohibited.
> All e-mails and attachments sent and received are subject to monitoring,
> reading and archival by Monsanto, including its subsidiaries. The recipient
> of this e-mail is solely responsible for checking for the presence of
> "Viruses" or other "Malware". Monsanto, along with its subsidiaries, accepts
> no liability for any damage caused by any such code transmitted by or
> accompanying this e-mail or any attachment.
> ---------------------------------------------------------------------------------------------------------

Alex Karasulu
My Blog ::
Apache Directory Server ::
Apache MINA ::

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message