Microsoft Windows 2000 Kerberos Change Password and Set Password Protocols
RFC 3244   Microsoft Windows 2000 Kerberos Change & Set   February 2002

      protocol version number: contains the hex constant 0x0001
      (big-endian integer).  (The reply message has the same format as
      the original change password protocol.)

      AP-REP length: length of AP-REP data, in bytes.  If the length is
      zero, then the last field contains a KRB-ERROR message instead of
      a KRB-PRIV message.

      AP-REP data: the AP-REP is the response to the AP-REQ in the
      request packet.

      KRB-PRIV message: This KRB-PRIV message must be encrypted with the
      subsession key from the authenticator in the AP-REQ data.

   The server will respond with a KRB-PRIV message unless it cannot
   decode the client AP-REQ or KRB-PRIV message, in which case it will
   respond with a KRB-ERROR message.  NOTE: Unlike change password
   version 1, the KRB-ERROR message will be sent back without any
   encapsulation.

   The user-data component of the KRB-PRIV message, or e-data component
   of the KRB-ERROR message, consists of the following data.

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |          result code          |        result string          /
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      result code (16 bits) (result codes 0-4 are from the original
      change password protocol):

         The result code must have one of the following values
         (big-endian integer):

         KRB5_KPASSWD_SUCCESS             0 request succeeds (This
                                            value is not allowed in a
                                            KRB-ERROR message)

         KRB5_KPASSWD_MALFORMED           1 request fails due to being
                                            malformed

         KRB5_KPASSWD_HARDERROR           2 request fails due to "hard"
                                            error in processing the
                                            request (for example, there
                                            is a resource or other
                                            problem causing the request
                                            to fail)

Swift, et al.                Informational
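Added example, not part of the RFC text: a Python parser showing how a client might split a reply into its fields and decode the result data laid out above, rejecting a success code that arrives in a KRB-ERROR. The leading 16-bit message length field comes from the reply layout defined earlier in the RFC, not this page; the names split_reply, parse_result and ReplyError, the UNLISTED_n label for codes not listed here, and UTF-8 decoding of the result string are assumptions.

```python
import struct

# Result codes listed on this page; the RFC defines further codes after these.
RESULT_CODES = {
    0: "KRB5_KPASSWD_SUCCESS",
    1: "KRB5_KPASSWD_MALFORMED",
    2: "KRB5_KPASSWD_HARDERROR",
}

class ReplyError(ValueError):
    """Raised when a reply violates the layout or rules described above."""

def split_reply(packet: bytes):
    """Return (kind, ap_rep, body); kind is 'KRB-PRIV' or 'KRB-ERROR'."""
    if len(packet) < 6:
        raise ReplyError("truncated header")
    # message length, protocol version number, AP-REP length: big-endian 16-bit
    msg_len, version, ap_rep_len = struct.unpack(">HHH", packet[:6])
    if msg_len != len(packet):
        raise ReplyError("message length does not match packet size")
    if version != 0x0001:
        raise ReplyError("unexpected protocol version 0x%04x" % version)
    if 6 + ap_rep_len > len(packet):
        raise ReplyError("AP-REP length runs past end of packet")
    ap_rep, body = packet[6:6 + ap_rep_len], packet[6 + ap_rep_len:]
    # AP-REP length zero means the last field is a bare KRB-ERROR, which is
    # not protected by the subsession key the way the KRB-PRIV is.
    return ("KRB-ERROR" if ap_rep_len == 0 else "KRB-PRIV"), ap_rep, body

def parse_result(data: bytes, from_krb_error: bool):
    """Decode user-data (KRB-PRIV, already decrypted) or e-data (KRB-ERROR)."""
    if len(data) < 2:
        raise ReplyError("result data shorter than the 16-bit result code")
    (code,) = struct.unpack(">H", data[:2])
    if from_krb_error and code == 0:
        raise ReplyError("KRB5_KPASSWD_SUCCESS is not allowed in a KRB-ERROR")
    name = RESULT_CODES.get(code, "UNLISTED_%d" % code)  # assumed label
    # Assumption: result string treated as UTF-8; bad bytes are replaced.
    return code, name, data[2:].decode("utf-8", errors="replace")

if __name__ == "__main__":
    # Constructed sample: header with AP-REP length 0, placeholder body bytes.
    pkt = struct.pack(">HHH", 6 + 9, 0x0001, 0) + b"KRB-ERROR"
    print(split_reply(pkt)[0])
    print(parse_result(b"\x00\x02out of resources", from_krb_error=True))
```

Extracting the e-data from the KRB-ERROR and decrypting the KRB-PRIV are ASN.1 and Kerberos crypto steps outside this example; parse_result expects the bytes that result from them.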



