Should we be implementing version 2 of the set/change password protocol?
Ezra Peisach
epeisach at MIT.EDU
Wed Jan 22 18:06:01 EST 2003
The discussion about kpasswd made me realize that our tree still
supports version one of the Kerberos change password protocol.

(For reference purposes, the doc/kadmin directory contains notes
on the different protocols currently existing in the tree).

Our tree's code is based on the 1998
draft-ietf-cat-kerb-chg-password-02.txt (as is Heimdal 0.5).
krb5_change_password only knows from this code.

Meanwhile, newer drafts have been developed and version 2 of the
protocol has been kicking around for a
while. <draft-ietf-cat-kerberos-set-passwd-06.txt>

The major added complexity is that TCP SHOULD be accepted. We would need
to handle a server returning the wrong version number and retrying with
a different protocol - new encoders, etc.

How important is it that this gets done?

If nothing else, maybe a bug report filed that we should consider future
support.

Ezra