password change protocol implementation
Ken Hornstein
kenh at cmf.nrl.navy.mil
Tue Feb 17 14:25:36 EST 2004
>> >I'm actually not sure whether krb5_rd_cred should accept directional
>> >addresses; I believe clarifications speaks to this but don't remember
>> >what it says.
>>
>> Hm, would a directional address even have any meaning for a KRB_CRED?
>
>Maybe it could in user2user scenarios...
Hm ... maybe, I guess if you're forwarding your credentials to another
user and the application protocol permits either end to forward
credentials ... although I wonder what a reflection attack would
actually do in this scenario.
--Ken
More information about the krbdev
mailing list