Password changing from behind a NAT

Ken Hornstein kenh at cmf.nrl.navy.mil
Mon Oct 20 12:30:33 EDT 2003


>The kpasswd protocol may be safe from reflections.  I'm very
>uncomfortable with breaking the krb_priv abstraction or introducing a
>general security problem for krb_priv.

No argument there; I was thinking of a specific (maybe even internal)
API that allowed the caller to disable the address checking for
krb_priv.  That way applications and protocols that used KRB-PRIV would
still get the same address checking by default.  I don't know if that
should be something like krb5_auth_con_setflags(), or whatever.  Since
it's likely that y'all won't take the patches back, I guess the
question is moot.

--Ken

