password change protocol implementation

Ken Raeburn raeburn at MIT.EDU
Tue Feb 24 15:14:20 EST 2004

On Tuesday, Feb 24, 2004, at 15:09 US/Eastern, Ken Hornstein wrote:
Sounds good.  I'm not sure how much coding I'll be able to do before and
> at Seoul, but I'll tackle this when I get back, definately.

That'd be great.  I don't think we'll be releasing 1.4 before then, so 
no rush. :-)

> However, I've realized something else in the meantime.  If we were to
> switch the password change protocol over to using something like
> krb5int_sendto (or whatever), that means there may be a possibility of
> a replayed change password message being sent to the server as part of
> the retransmission if a reply packet is dropped.  We might need to
> implement a lookaside cache similar to what the KDC can optionally use.

Probably a good idea.


More information about the krbdev mailing list