password change protocol implementation

Ken Hornstein kenh at
Fri Feb 13 17:22:11 EST 2004

>I want the API to become easier to use over time, not harder.  As
>such, I want the default behavior when we support directional
>addresses to be that the receiver of a message will accept either
>directional or non-directional addresses and the sender can easily
>select address type.
>I believe that your proposed implementation increases the complexity
>of using the API and makes it likely that applications will
>accidentally only support directional addresses and have other failure

I guess my impression was from various conversations with you and
others on this topic was that directional addresses were the "way to
go", and actual addresses in KRB_PRIV/SAFE messages were on the way
out.  So I was thinking that new applications (if there ever _are_ any
other applications that use KRB_PRIV/SAFE, and somehow I am skeptical
that there will be large numbers) should only support directional
addresses.  I mean, is it likely there are going to be more application
protocols that use KRB_PRIV/SAFE that are pre-clarifications?
I just can't really get the energy to develop a new API that will,
in my mind, _only_ be used by the change password server.


More information about the krbdev mailing list