Change a user's Kerberos Password?by 5mi11er (Deacon)
|on Mar 20, 2009 at 22:22 UTC||Need Help??|
5mi11er has asked for the
wisdom of the Perl Monks concerning the following question:
Last week I asked how to change an expired AD password with LDAP and Perl at this thread: 751018.
Turns out I was asking the wrong question, you MUST change an expired AD password with Kerberos.
So, now after looking at the Kerberos libraries on CPAN, it appears that changing a user's password is not one of the abilities that any of those libraries have. Which seems strange since Kerberos is specifically a secure password authentication system. Sure it does things with tickets to allow authenticated users access to resources, but to be unable to change a password? Seems to me like it would be something that would happen quite often.
Now, I'm new enough to kerberos where I may just be totally missing something that should be obvious, but I've looked at it several times over the past few days, and I still haven't seen that ability.
So, could someone who's versed in Kerberos shine some light on how I can allow a user to change their own password? Oh, I'm attempting to use apache/linux to do this, not windows, or I wouldn't be asking these questions.