password change protocol implementation
Sam Hartman
hartmans at MIT.EDU
Tue Feb 17 15:08:14 EST 2004
>>>>> "Ken" == Ken Hornstein <kenh at cmf.nrl.navy.mil> writes:
>>> >I'm actually not sure whether krb5_rd_cred should accept
>>> >directional addresses; I believe clarifications speaks to
>>> >this but don't remember what it says.
>>>
>>> Hm, would a directional address even have any meaning for a
>>> KRB_CRED?
>> Maybe it could in user2user scenarios...
Ken> Hm ... maybe, I guess if you're forwarding your credentials
Ken> to another user and the application protocol permits either
Ken> end to forward credentials ... although I wonder what a
Ken> reflection attack would actually do in this scenario.
The spec claims we don't care about reflection attacks for krb_cred.
I just forget whether you are permitted to use directional addresses.
Actually, 7.1 is rather unclear on krb_cred. Sigh.