Support for Microsoft Set Password protocol

Love lha at
Wed Apr 2 10:13:23 EST 2003

Sam Hartman <hartmans at> writes:

>>>>>> "Danilo" == Danilo Almeida <dalmeida at MIT.EDU> writes:
>     Danilo> Due to the interop issues, wouldn't is be simpler to just
>     Danilo> to have a krb5_ms_set_password()?
> I think I am likely to adopt this approach.

All applications that wants to set a password should first call
krb5_ms_set_password and krb5_set_password, and then what ?

krb5_set_password2 when/if the protocol changes ?

Why must the API depend on the protocol ?

>     Danilo> My understanding is that everyone who needs the MS set
>     Danilo> password functionality needs it only to manage Windows
>     Danilo> domains.  Therefore, they know that they are talking to a
>     Danilo> Windows domain.  Hence, they want to make a call that only
>     Danilo> does the MS thing.

Why should the application that sets a password know that type of kdc it
talks to ?


More information about the krbdev mailing list