password change protocol implementation

[Sam Hartman]

>>>>> "Ken" == Ken Hornstein <kenh at cmf.nrl.navy.mil> writes:

    Ken> implementation, but maybe this isn't so bad after all.  Just
    Ken> so I understand ... you mean add a flag to indicate whether
    Ken> or not mk_req was called, _not_ mk_priv, right?  I ask
    Ken> because I understood that the determining of the "direction"
    Ken> was based on who issued the AP_REQ.

You are correct; I misspoke.
    >> Then add functionality to krb5_genaddrs to set up an auth
    >> context to use directional addresses for the sending (local)
    >> but not receiving (remote) address.

    Ken> So, something like:

    Ken> krb5_auth_con_genaddrs(ctx, actx,
    Ken> KRB5_AUTH_CONTEXT_GENERATE_LOCAL_DIR_ADDR, ...)

    Ken> ?

Yes.