[Samba] Certificates stop working after password change
Andrew Bartlett
abartlet at samba.org
Fri Jun 7 17:35:16 MDT 2013
On Thu, 2013-06-06 at 20:41 +0000, Joaquin Cabrera wrote:
> Hi,
>
>
> We found the following problem when working with personal certificates.
>
> We have a system in java using certificates at the time of signing, the certificates stop working when the user performs a password change.
>
> Customers are connected to the domain Samba4, mainly are pc with windows 7 or vista. This error does not happen with certificates if the equipment is in a workgroup.
>
> We also found that if the user change back to the previous password can sign correctly.
>
> Reinstall Cetificates whenever the user changes their password is not an option, because we want to implement a policy requiring change passwords every three months.
>
> The samba versión is 4.0.3
That is very odd. X.509 certificates presented to our KDC for PK-INIT are not checked against a password in any way - it is entirely up to the validity of the certificate.
Can you show the error shown on the KDC when the certificate is
rejected?
Or are you referring to some other certificate system?
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba
mailing list