password change protocol implementation

Ken Hornstein kenh at
Fri Feb 13 16:47:12 EST 2004

>The first line returns false if the addresses are not of the same
>Remember that the auth context will have a real address (or should
>have a real address) and will need to compare that to a directional
>address.  Actually, compare_addresses doesn't have enough information;
>it doesn't know which role the context has.

Every use I've seen of krb5_mk_priv/safe (which are _very_ few) has it
explicitly put the address of the sender/receiver into the auth_context
immediately before the call to krb5_mk_priv/safe.  It seems to me the
obvious solution is to simply place the directional address into the
auth_context instead of the "real" address when you want to use it,
using the existing APIs.  At worst, if you get the appropriate error,
you might have to loop once, trying the "real" address.  This may be
putting a larger burden on application writers, but it seems like
almost nobody uses KRB_PRIV/KRB_SAFE in practice anyway.  Does having a
real address in the auth context actually have any value?  A quick grep
leads me to believe that it's only used to generate and validate
KRB_PRIV, KRB_SAFE, and KRB_CRED messages (and the sender address is
ignored now for the code that receives KRB_CRED messages, right?)


More information about the krbdev mailing list