[Kdc-info] Password change operations
Leif Johansson
leifj at it.su.se
Thu Jul 31 15:32:13 EDT 2003
Nicolas Williams wrote:
>On Thu, Jul 31, 2003 at 02:29:55PM -0400, Sam Hartman wrote:
>
>>I think that we need to allow implementations to also support RFC
>>3062, possibly by funneling that through Nico's draft.
>
>But the text should discourage this. There's no allowance for password
>policies in RFC3062.
Password policies are a different matter altogether from the protocol
which sets passwords and keys. I am not advocating use of RFC3062 but I
believe the schema derived from the information model probably needs an
applicability statement where RFC3062 probably has to be covered in some
way, if only to say that its use is discouraged in this context.

If Wyllys' analysis is correct then rfc3062 is too limited to have
significant semantic overlap with Nico's draft. Then clearly the
info-model has to defer to the set/change password draft.
>Of course, one might prefer to use the ASN.1 types for the operations in
>the change password draft through LDAP, rather than through a standalone
>protocol. Details would have to be worked out, but it seems doable.
There might be a son-of-rfc3062 hidden here which imo would be a good
thing. Lots of installations will probably use some kind of
kdc+directory in the not too far future and I would hate for there to be
confusion about a fundamental operation like password change.
Cheers Leif