Decision on set-change password API
hartmans at MIT.EDU
Fri Apr 11 14:52:51 EDT 2003
After reading the thread on set password, I've come to the conclusion
that I willcommit a krb5_set_password API rather than a
krb5_ms_set_password API or some other API that is protocol specific.
Since we only support one protocol at the current time, we will always
use that protocol.
With the exception of a small number of applications, the application
cares about the function of setting a password, not about the
particular protocol being used.
We will need a more expansive API to support all the options of the v2
protocol. That API will require careful design. Even once we have
that API, the krb5_set_password API will still exist and will try the
v2 protocol and then fall back to the Microsoft protocol. If we have
not discovered a reasonable way to negotiate by that time, we will
need to provide some mechanism for administrators to configure the
desired protocol on a realm-by-realm basis.
Thanks for all your input; it was useful to explore all the options.
More information about the krbdev