RFC 3244 (rfc3244) - Page 1 of 7


Microsoft Windows 2000 Kerberos Change Password and Set Password Protocols



Alternative Format: Original Text Document



Network Working Group                                           M. Swift
Request for Comments: 3244                      University of Washington
Category: Informational                                       J. Trostle
                                                           Cisco Systems
                                                               J. Brezak
                                                               Microsoft
                                                           February 2002


            Microsoft Windows 2000 Kerberos Change Password
                       and Set Password Protocols

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

Abstract

   This memo specifies Microsoft's Windows 2000 Kerberos change password
   and set password protocols.  The Windows 2000 Kerberos change
   password protocol interoperates with the original Kerberos change
   password protocol.  Change password is a request reply protocol that
   includes a KRB_PRIV message that contains the new password for the
   user.

1. Introduction

   Microsoft's Windows 2000 Kerberos change password protocol
   interoperates with the original Kerberos change password protocol.
   Change password is a request reply protocol that includes a KRB_PRIV
   message that contains the new password for the user.  The original
   change password protocol does not allow an administrator to set a
   password for a new user.  This functionality is useful in some
   environments, and this proposal extends the change password protocol
   to allow password setting.  The changes are: adding new fields to the
   request message to indicate the principal which is having its
   password set, not requiring the initial flag in the service ticket,
   using a new protocol version number, and adding three new result
   codes.






Swift, et al.                Informational