[Samba] Certificates stop working after password change
Andrew Bartlett
abartlet at samba.org
Mon Jun 10 15:56:50 MDT 2013
On Mon, 2013-06-10 at 21:49 +0000, Joaquin Cabrera wrote:
> Hi Andrew, thanks for replying.
>
> Certificates are X.509 for personal signatures but have no interaction
> with the KDC I think, only used to sign on the Java application.
>
> I'm not aware of what changes are made in the Windows clients when we
> join them to Samba4, but once joined, the user cannot change his
> password without making the certificate unusable.
>
> As I mentioned before, if you change the user's password back to the
> old one, the certificate works correctly.
>
> Any idea is welcome. And sorry for my English...

My guess is that the certificates are encrypted with the user's local
password, and any password change (enforced or otherwise) is not being
captured by the Java application to decrypt and re-encrypt the
certificate.

Do your users change their password at the login screen or with
ctrl-alt-del?

You could prove it isn't a Samba issue by changing the local Windows
password on a standalone workstation.

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
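
A minimal model of the hypothesis in the reply above, added here as an illustration and not code from the thread, Samba or the Java application: a private key wrapped under a key derived from the user's password stops unlocking after a password change unless something re-wraps it, and unlocks again if the old password is restored. The function names, the HMAC-based stand-in cipher and the sample passwords are assumptions made for the example.

```python
import hashlib
import hmac
import os

def _derive(password, salt):
    # PBKDF2 output is split into an encryption key and a MAC key.
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)
    return okm[:32], okm[32:]

def _keystream(key, nonce, length):
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode, stdlib only.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap(private_key, password):
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive(password, salt)
    ct = _xor(private_key, _keystream(enc_key, nonce, len(private_key)))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag  # layout: salt | nonce | ciphertext | tag

def unwrap(blob, password):
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = _derive(password, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # a different password fails here
        raise ValueError("wrong password or corrupted blob")
    return _xor(ct, _keystream(enc_key, nonce, len(ct)))

def can_unlock(blob, password):
    try:
        unwrap(blob, password)
        return True
    except ValueError:
        return False

def change_password(blob, old_password, new_password):
    # The step the application would have to perform on every password change.
    return wrap(unwrap(blob, old_password), new_password)

if __name__ == "__main__":
    blob = wrap(b"constructed-private-key", "OldPassw0rd")  # constructed sample
    print(can_unlock(blob, "NewPassw0rd"), can_unlock(blob, "OldPassw0rd"))
```

Without `change_password` being called, the stored blob only ever opens with the password that was current when it was written, which matches the symptom reported in the quoted message.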