password change protocol implementation

Ken Hornstein kenh at
Tue Feb 17 14:25:36 EST 2004

>> >I'm actually not sure whether krb5_rd_cred should accept directional
>> >addresses; I believe clarifications speaks to this but don't remember
>> >what it says.
>> Hm, would a directional address even have any meaning for a KRB_CRED?
>Maybe it could in user2user scenarios...

Hm ... maybe, I guess if you're forwarding your credentials to another
user and the application protocol permits either end to forward
credentials ...  although I wonder what a reflection attack would
actually do in this scenario.


More information about the krbdev mailing list