password change protocol implementation

Sam Hartman hartmans at MIT.EDU
Tue Feb 17 15:08:14 EST 2004

>>>>> "Ken" == Ken Hornstein <kenh at> writes:

    >>> >I'm actually not sure whether krb5_rd_cred should accept
    >>> directional >addresses; I believe clarifications speaks to
    >>> this but don't remember >what it says.
    >>> Hm, would a directional address even have any meaning for a
    >>> KRB_CRED?
    >>  Maybe it could in user2user scenarios...

    Ken> Hm ... maybe, I guess if you're forwarding your credentials
    Ken> to another user and the application protocol permits either
    Ken> end to forward credentials ...  although I wonder what a
    Ken> reflection attack would actually do in this scenario.

The spec claims we don't care about reflection attacks for krb_cred.
I just forget whether you are permitted to use directional addresses.
Actually, 7.1 is rather unclear on krb_cred.  Sigh.

More information about the krbdev mailing list