Re: LDAP & AD - allow user to reset password

I don't know the details of how it's done but ssh/PAM/Kerberos authentication against AD can be set up to handle password reset on logon from linux. All the linux side code is available, so you can review it to find out how they are doing it.

Comment on Re: LDAP & AD - allow user to reset password

Replies are listed 'Best First'.
Re^2: LDAP & AD - allow user to reset password by 5mi11er (Deacon) on Mar 20, 2009 at 22:03 UTC
Ok, I've managed to figure out that you MUST use Kerberos to change an expired AD account. So, I looked at most of the Kerberos perl libraries, but from what I can tell, none of them offer the ability to change a Kerberos password? I'm new enough to kerberos, I could be over looking something... So, new question, how does one change a Kerberos password within Perl? -Scott Update: I re-asked this question as a new SOPW post: Change a user's Kerberos Password? I actually got a good answer, and posted an answer I got through email.	[reply]

Replies are listed 'Best First'.

Re^2: LDAP & AD - allow user to reset password
by 5mi11er (Deacon) on Mar 20, 2009 at 22:03 UTC

I've managed to figure out that you MUST use Kerberos to change an expired AD account. So, I looked at most of the Kerberos perl libraries, but from what I can tell, none of them offer the ability to change a Kerberos password? I'm new enough to kerberos, I could be over looking something...

So, new question, how does one change a Kerberos password within Perl?

-Scott

Update:

Change a user's Kerberos Password?

[reply]