password change protocol implementation
Ken Hornstein
kenh at cmf.nrl.navy.mil
Tue Feb 24 15:09:22 EST 2004
>I've just created util/apputils for miscellaneous stuff like this, to
>be linked statically into some of our programs, and not installed
>separately, and I moved daemon.c into it. So far, with only that one
>function in it, it's linked into a handful of server programs.
Sounds good. I'm not sure how much coding I'll be able to do before and
at Seoul, but I'll tackle this when I get back, definitely.
However, I've realized something else in the meantime. If we were to
switch the password change protocol over to using something like
krb5int_sendto (or whatever), that means there may be a possibility of
a replayed change password message being sent to the server as part of
the retransmission if a reply packet is dropped. We might need to
implement a lookaside cache similar to what the KDC can optionally use.
--Ken
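
A lookaside cache of the kind mentioned above, as an added example (not part of the original message and not MIT krb5 code): a byte-identical retransmission gets the stored reply back instead of being processed a second time. The names handle_packet, la_lookup and changes_applied, the slot count, the 120-second lifetime and the reply bytes are all assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define LA_SLOTS 8
#define LA_TTL 120              /* seconds; assumed entry lifetime */

struct la_entry { unsigned char *req, *rep; size_t req_len, rep_len; time_t added; };
static struct la_entry la_tab[LA_SLOTS];
static unsigned la_next;
int changes_applied;            /* counts real password changes (demo only) */

static void la_free(struct la_entry *e)
{
    free(e->req); free(e->rep);
    memset(e, 0, sizeof(*e));
}

/* Return the stored reply for a byte-identical, unexpired request. */
const unsigned char *la_lookup(const unsigned char *req, size_t len,
                               time_t now, size_t *rep_len)
{
    for (int i = 0; i < LA_SLOTS; i++) {
        struct la_entry *e = &la_tab[i];
        if (e->req == NULL) continue;
        if (now - e->added > LA_TTL) { la_free(e); continue; }
        if (e->req_len == len && memcmp(e->req, req, len) == 0) {
            *rep_len = e->rep_len;
            return e->rep;
        }
    }
    return NULL;
}

/* Hypothetical handler: apply a request once, resend the reply on retransmit. */
const unsigned char *handle_packet(const unsigned char *req, size_t len,
                                   time_t now, size_t *rep_len)
{
    static const unsigned char ok[] = "success";  /* constructed reply */
    const unsigned char *hit = la_lookup(req, len, now, rep_len);
    if (hit != NULL) return hit;          /* retransmission: no second change */
    changes_applied++;                    /* stands in for the real change */
    struct la_entry *e = &la_tab[la_next++ % LA_SLOTS];
    la_free(e);                           /* evict whatever held this slot */
    e->req = malloc(len); e->rep = malloc(sizeof(ok));
    *rep_len = sizeof(ok);
    if (e->req == NULL || e->rep == NULL) { la_free(e); return ok; }
    memcpy(e->req, req, len); memcpy(e->rep, ok, sizeof(ok));
    e->req_len = len; e->rep_len = sizeof(ok); e->added = now;
    return e->rep;
}
```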