password change protocol implementation

Ken Hornstein kenh at
Fri Feb 13 17:43:50 EST 2004

>   I'm wondering why you think people don't or won't be using
>   krb5_{rd|mk}_{safe|priv}?  Or am I missing your point?

Two reasons:

- They're a pain in the butt to use from a programming perspective (speaking
  from experience, believe me).  Sure, I understand why Sam doesn't
  want the API to get worse; it's terrible as-is.  But it's much
  simpler to use the raw encryption/checksum routines.

- If you use them today, your protocol won't work from behind a NAT (hence
  the reason the stock MIT code doesn't support password changing from
  behind a NAT).

That's the _won't_.  The _don't_ is based on my experience; it's
extremely rare to come across a program that uses KRB_PRIV or
KRB_SAFE.  Maybe there are a bunch out there that I don't know about;
that's always possible.  But I believe that currently the password
changing protocol is the only IETF-specified protocol that uses KRB_PRIV.
Most IETF protocols with Kerberos support use the GSSAPI, and the
GSSAPI integrity and confidentiality messages do not have IP addresses
in them.

