password change protocol implementation
Ken Hornstein
kenh at cmf.nrl.navy.mil
Fri Feb 13 17:43:50 EST 2004
> I'm wondering why you think people don't or won't be using
> krb5_{rd|mk}_{safe|priv}? Or am I missing your point?
Two reasons:
- They're a pain in the butt to use from a programming perspective (speaking
from experience, believe me). Sure, I understand why Sam doesn't
want the API to get worse; it's terrible as-is. But it's much
simpler to use the raw encryption/checksum routines.
- If you use them today, your protocol won't work from behind a NAT (hence
the reason the stock MIT code doesn't support password changing from
behind a NAT).
That's the _won't_. The _don't_ is based on my experience; it's
extremely rare to come across a program that uses KRB_PRIV or
KRB_SAFE. Maybe there are a bunch out there that I don't know about;
that's always possible. But I believe that currently only the password
changing protocol is the only IETF-specified prototol that uses KRB_PRIV.
Most IETF protocols with Kerberos support use the GSSAPI, and the
GSSAPI integrity and confidentiality messages do not have IP addresses
in them.
--Ken
More information about the krbdev
mailing list