Password changing from behind a NAT
hartmans at MIT.EDU
Mon Oct 20 12:22:25 EDT 2003
>>>>> "Ken" == Ken Hornstein <kenh at cmf.nrl.navy.mil> writes:
>> We do not consider this a solution because of the reflection
Ken> So, I had to look at this to understand the risks here.
The kpasswd protocol may be safe from reflections. I'm very
uncomfortable with breaking the krb_priv abstraction or introducing a
general security problem for krb_priv.
More information about the krbdev