password change protocol implementation
Sam Hartman
hartmans at MIT.EDU
Fri Feb 13 16:35:12 EST 2004
>>>>> "Ken" == Ken Hornstein <kenh at cmf.nrl.navy.mil> writes:
Ken> Sigh. I mean #define, of course. E.g.:
>> You'd also need to add code to the comparison functions so
>> that directional addresses compare correctly and are checked.
Ken> It sure looks like to me the existing krb5_address_compare()
Ken> function will DTRT. Am I missing something?
The first line returns false if the addresses are not of the same
ttype.
Remember that the auth context will have a real address (or should
have a real address) and will need to compare that to a directional
address. Actually, compare_addresses doesn't have enough information;
it doesn't know which role the context has.
Possible solutions include creating a new compare_address API (it's
exported so you can't change or drop the existing one) that takes a
role parameter.. Alternatively, you could allow auth contexts to have
multiple addresses and give them both a directional and real address.
You'd then need to decide which address to use for sending.
More information about the krbdev
mailing list