password change protocol implementation

Sam Hartman hartmans at MIT.EDU
Fri Feb 13 16:35:12 EST 2004

>>>>> "Ken" == Ken Hornstein <kenh at> writes:

    Ken> Sigh.  I mean #define, of course.  E.g.:
    >>  You'd also need to add code to the comparison functions so
    >> that directional addresses compare correctly and are checked.

    Ken> It sure looks like to me the existing krb5_address_compare()
    Ken> function will DTRT.  Am I missing something?

The first line returns false if the addresses are not of the same

Remember that the auth context will have a real address (or should
have a real address) and will need to compare that to a directional
address.  Actually, compare_addresses doesn't have enough information;
it doesn't know which role the context has.

Possible solutions include creating a new compare_address API (it's
exported so you can't change or drop the existing one) that takes a
role parameter..  Alternatively, you could allow auth contexts to have
multiple addresses and give them both a directional and real address.
You'd then need to decide which address to use for sending.

More information about the krbdev mailing list