password change protocol implementation

Ken Hornstein kenh at
Tue Feb 24 15:09:22 EST 2004

>I've just created util/apputils for miscellaneous stuff like this, to 
>be linked statically into some of our programs, and not installed 
>separately, and I moved daemon.c into it.  So far, with only that one 
>function in it, it's linked into a handful of server programs.

Sounds good.  I'm not sure how much coding I'll be able to do before and
at Seoul, but I'll tackle this when I get back, definately.

However, I've realized something else in the meantime.  If we were to
switch the password change protocol over to using something like
krb5int_sendto (or whatever), that means there may be a possibility of
a replayed change password message being sent to the server as part of
the retransmission if a reply packet is dropped.  We might need to
implement a lookaside cache similar to what the KDC can optionally use.


More information about the krbdev mailing list