Password changing from behind a NAT

Sam Hartman hartmans at MIT.EDU
Mon Oct 20 12:22:25 EDT 2003

>>>>> "Ken" == Ken Hornstein <kenh at> writes:

    >> We do not consider this a solution because of the reflection
    >> problems.
    Ken> So, I had to look at this to understand the risks here.

The kpasswd protocol may be safe from reflections.  I'm very
uncomfortable with breaking the krb_priv abstraction or introducing a
general security problem for krb_priv.

More information about the krbdev mailing list