Password changing from behind a NAT
Sam Hartman
hartmans at MIT.EDU
Mon Oct 20 14:47:14 EDT 2003
>>>>> "Ken" == Ken Hornstein <kenh at cmf.nrl.navy.mil> writes:
>> The kpasswd protocol may be safe from reflections. I'm very
>> uncomfortable with breaking the krb_priv abstraction or
>> introducing a general security problem for krb_priv.
Ken> No argument there; I was thinking of a specific (maybe even
Ken> internal) API that allowed the caller to disable the address
Ken> checking for krb_priv. That way applications and protocols
Ken> that used KRB-PRIV would still get the same address checking
Ken> by default. I don't know if that should be something like
Ken> krb5_auth_con_setflags(), or whatever. Since it's likely
Ken> that y'all won't take the patches back, I guess the question
Ken> is moot.
I don't really have a strong opinion at this time on the
kpasswd-specific issue. How do other people here feel about a
kpasswd-specific hack?