password change protocol implementation

Ken Hornstein kenh at cmf.nrl.navy.mil
Fri Feb 13 17:22:11 EST 2004


>I want the API to become easier to use over time, not harder.  As
>such, I want the default behavior when we support directional
>addresses to be that the receiver of a message will accept either
>directional or non-directional addresses and the sender can easily
>select address type.
>
>I believe that your proposed implementation increases the complexity
>of using the API and makes it likely that applications will
>accidentally only support directional addresses and have other failure
>modes.

I guess my impression from various conversations with you and
others on this topic was that directional addresses were the "way to
go", and actual addresses in KRB_PRIV/SAFE messages were on the way
out.  So I was thinking that new applications (if there ever _are_ any
other applications that use KRB_PRIV/SAFE, and somehow I am skeptical
that there will be large numbers) should only support directional
addresses.  I mean, is it likely there are going to be more application
protocols that use KRB_PRIV/SAFE that are pre-clarifications?
I just can't really get the energy to develop a new API that will,
in my mind, _only_ be used by the change password server.

--Ken

