Hash: SHA1

Earlier, I posted this:

> I just noticed that with 1.4.1 and 1.4.2, when I try to change my
> password with kpasswd, I get the following message after entering the
> new password twice:
> kpasswd: Permission denied changing password
> This occurs whether the KDC is at 1.3.4 or at 1.4.2.
> I don't have the problem using a 1.3.4 kpasswd.
> Has something changed in 1.4.x with respect to password changing?

I now realize what the answer is: my firewall. I needed to open up UDP
464 to allow password-changing. This hasn't been an issue for me in the
past because, until very recently, I haven't been running a host-based
firewall on my own workstation. If I had been, then I'm sure my 1.3.4
kpasswd would have had the same problem. My test earlier today with a
1.3.4 kpasswd was from a different machine (still running 1.3.4) that
doesn't have such a firewall.

I realized all this when I discovered that 1.4.2 kpasswd worked fine from
my 1.4.2 KDC itself. I then ran a trace of kpasswd on my workstation and
saw that the 'permission denied' problem was coming when trying to write
to a socket for the actual password change.

Sorry for the false alarm!


__________________________________________________ ___________________
Mike Friedman System and Network Security
mikef@ack.Berkeley.EDU 2484 Shattuck Avenue
1-510-642-1410 University of California at Berkeley
http://ack.Berkeley.EDU/~mikef http://security.berkeley.edu
__________________________________________________ ___________________

Version: PGP 6.5.8

iQA/AwUBQvvRPK0bf1iNr4mCEQLsLwCgviFFXYAg+4Fh0hT7l9lM9x 7ZPVwAnjO0
Kerberos mailing list Kerberos@mit.edu