
Microsoft Windows 2000 Kerberos Change Password and Set Password Protocols (RFC3244)

IP.com Disclosure Number: IPCOM000007218D
Original Publication Date: 2002-Feb-01
Included in the Prior Art Database: 2002-Mar-06
Document File: 8 page(s) / 13K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

M. Swift: AUTHOR [+3]

Abstract

This memo specifies Microsoft's Windows 2000 Kerberos change password and set password protocols. The Windows 2000 Kerberos change password protocol interoperates with the original Kerberos change password protocol. Change password is a request reply protocol that includes a KRB_PRIV message that contains the new password for the user.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 28% of the total text.

Network Working Group                                           M. Swift
Request for Comments: 3244                      University of Washington
Category: Informational                                       J. Trostle
                                                           Cisco Systems
                                                               J. Brezak
                                                               Microsoft
                                                           February 2002

            Microsoft Windows 2000 Kerberos Change Password
                       and Set Password Protocols

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

Abstract

   This memo specifies Microsoft's Windows 2000 Kerberos change password
   and set password protocols.  The Windows 2000 Kerberos change
   password protocol interoperates with the original Kerberos change
   password protocol.  Change password is a request reply protocol that
   includes a KRB_PRIV message that contains the new password for the
   user.

1. Introduction

   Microsoft's Windows 2000 Kerberos change password protocol
   interoperates with the original Kerberos change password protocol.
   Change password is a request reply protocol that includes a KRB_PRIV
   message that contains the new password for the user.  The original
   change password protocol does not allow an administrator to set a
   password for a new user.  This functionality is useful in some
   environments, and this proposal extends the change password protocol
   to allow password setting.  The changes are: adding new fields to the
   request message to indicate the principal which is having its
   password set, not requiring the initial flag in the service ticket,
   using a new protocol version number, and adding three new result
   codes.

Swift, et al.                Informational                      [Page 1]

RFC 3244      Microsoft Windows 2000 Kerberos Change & Set February 2002

2.  The Protocol

   The service accepts requests on UDP port 464 and TCP port 464 as
   well.  The protocol consists of a single request message followed by
   a single reply message.  For UDP transport, each message must be
   fully contained in a single UDP packet.

   For TCP transport, there is a 4 octet header in network byte order
   that precedes the message and specifies the length of the message.

   Request Message

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |         message length        |    protocol version number    |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |          AP-REQ length        |         AP-REQ data           /
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    /                        KRB-PRIV message                       /
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   All 16 bit fields are in big-endian order.

   message length field: contains the number of bytes in the message
   including this field.

   protocol version number: contains the hex constant 0xff80 (big-endian
   integer).

   AP-REQ length: length of AP-REQ data, in bytes.  If the length is
   zero, then the last field contains a KRB-ERROR message instead of a
   KRB-PRIV message.

   AP-REQ data: (see [1]) The AP-REQ message must be for the service
   principal kadmin/changepw@REALM, where...
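   The request framing described in section 2 above, as an added worked
   example for this page; it is not code from RFC 3244, MIT krb5 or
   Windows.  The AP-REQ, KRB-PRIV and KRB-ERROR payloads are treated as
   opaque byte strings (in real traffic they are ASN.1 DER Kerberos
   messages; the SAMPLE_* values below are constructed placeholders, not
   valid encodings).  Two assumptions are made that the page does not
   state outright: the 4-octet TCP length prefix counts only the message
   that follows it, not itself, and the constant CHANGEPW_VERSION
   (0x0001) is the request version MIT krb5 uses for the original
   change-password protocol this memo says it interoperates with.  The
   decoder insists that the 16-bit message length field equals the bytes
   actually received, that the AP-REQ length leaves room for a body, and
   that a TCP frame longer than 0xFFFF is rejected before it is buffered,
   since no valid message can be that large.

```python
"""Wire framing for the RFC 3244 change/set password request (section 2).

Added example for this page; not code from RFC 3244, MIT krb5 or Windows.
AP-REQ, KRB-PRIV and KRB-ERROR are carried as opaque byte strings: in real
traffic they are ASN.1 DER Kerberos messages, but the sample payloads below
are constructed placeholders, not valid Kerberos encodings.
"""
import struct
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

SETPW_VERSION = 0xFF80      # request protocol version given on this page
CHANGEPW_VERSION = 0x0001   # original change-password request version as used by
                            # MIT krb5 (KRB5_KPASSWD_VERS_CHANGEPW); not on this page
HEADER_LEN = 6              # message length (2) + version (2) + AP-REQ length (2)
FIELD_MAX = 0xFFFF          # every length field inside the message is 16 bits
TCP_HDR = 4                 # 4-octet big-endian length prefix used over TCP


class KpasswdFramingError(ValueError):
    """Raised for any message that does not match the RFC 3244 framing."""


@dataclass(frozen=True)
class KpasswdRequest:
    version: int
    ap_req: bytes   # empty => body is a KRB-ERROR instead of a KRB-PRIV
    body: bytes     # KRB-PRIV (normal case) or KRB-ERROR (ap_req empty)

    @property
    def is_error(self) -> bool:
        return len(self.ap_req) == 0


def encode_request(ap_req: bytes, body: bytes, version: int = SETPW_VERSION) -> bytes:
    """Build one request message (UDP form; wrap with encode_tcp for TCP)."""
    total = HEADER_LEN + len(ap_req) + len(body)
    if len(ap_req) > FIELD_MAX or total > FIELD_MAX:
        raise KpasswdFramingError("AP-REQ or message too long for a 16-bit length field")
    if not body:
        raise KpasswdFramingError("a KRB-PRIV or KRB-ERROR body is required")
    # All 16-bit fields are big-endian; the message length counts itself.
    return struct.pack("!HHH", total, version, len(ap_req)) + ap_req + body


def decode_request(msg: bytes,
                   accepted_versions: FrozenSet[int] = frozenset({SETPW_VERSION})) -> KpasswdRequest:
    """Parse one complete message (a whole UDP datagram or one TCP frame)."""
    if len(msg) < HEADER_LEN:
        raise KpasswdFramingError("message shorter than the 6-byte header")
    total, version, ap_len = struct.unpack("!HHH", msg[:HEADER_LEN])
    # The length field must describe exactly the bytes received: a mismatch
    # means truncation, trailing garbage or a forged header.
    if total != len(msg):
        raise KpasswdFramingError(f"length field {total} but {len(msg)} bytes received")
    if version not in accepted_versions:
        raise KpasswdFramingError(f"unsupported protocol version 0x{version:04x}")
    # The AP-REQ must fit and still leave a non-empty KRB-PRIV/KRB-ERROR body.
    if HEADER_LEN + ap_len >= total:
        raise KpasswdFramingError("AP-REQ length leaves no room for the body")
    ap_req = msg[HEADER_LEN:HEADER_LEN + ap_len]
    body = msg[HEADER_LEN + ap_len:]
    return KpasswdRequest(version, ap_req, body)


def framing_error(msg: bytes,
                  accepted_versions: FrozenSet[int] = frozenset({SETPW_VERSION})) -> Optional[str]:
    """Return the reason a message is rejected, or None if it parses."""
    try:
        decode_request(msg, accepted_versions)
    except KpasswdFramingError as exc:
        return str(exc)
    return None


def encode_tcp(msg: bytes) -> bytes:
    """TCP transport: 4-octet network-order length, then the message.
    Assumed here to count the message only, not the 4-octet header itself."""
    return struct.pack("!I", len(msg)) + msg


def split_tcp_stream(buf: bytes) -> Tuple[List[bytes], bytes]:
    """Cut a TCP byte stream into complete messages; return (messages, leftover).
    A frame longer than 0xFFFF (or shorter than the header) cannot be a valid
    message, so it is rejected before any of it is buffered."""
    frames: List[bytes] = []
    while len(buf) >= TCP_HDR:
        (n,) = struct.unpack("!I", buf[:TCP_HDR])
        if n < HEADER_LEN or n > FIELD_MAX:
            raise KpasswdFramingError(f"implausible TCP frame length {n}")
        if len(buf) < TCP_HDR + n:
            break  # wait for the rest of this frame
        frames.append(buf[TCP_HDR:TCP_HDR + n])
        buf = buf[TCP_HDR + n:]
    return frames, buf


# Constructed placeholder payloads (NOT valid Kerberos DER).
SAMPLE_AP_REQ = b"AP-REQ placeholder"
SAMPLE_KRB_PRIV = b"KRB-PRIV placeholder"
SAMPLE_KRB_ERROR = b"KRB-ERROR placeholder"

if __name__ == "__main__":
    req = encode_request(SAMPLE_AP_REQ, SAMPLE_KRB_PRIV)
    print("UDP request:", req.hex(" "))
    frames, rest = split_tcp_stream(encode_tcp(req) + encode_tcp(req)[:5])
    print(len(frames), "complete frame(s),", len(rest), "byte(s) pending")
    print("zero-length AP-REQ =>", decode_request(encode_request(b"", SAMPLE_KRB_ERROR)).is_error)
```

   Run stand-alone, the script frames the placeholder request, shows a
   TCP stream being cut at a frame boundary with a partial frame left
   pending, and confirms that a zero AP-REQ length is reported as the
   KRB-ERROR case rather than as a KRB-PRIV.  A server speaking only the
   protocol on this page keeps the default accepted version set; one that
   also accepts the original change-password request adds
   CHANGEPW_VERSION to it rather than relaxing the check.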