password change protocol implementation
Ken Raeburn
raeburn at MIT.EDU
Tue Feb 24 15:14:20 EST 2004
On Tuesday, Feb 24, 2004, at 15:09 US/Eastern, Ken Hornstein wrote:
Sounds good. I'm not sure how much coding I'll be able to do before and
> at Seoul, but I'll tackle this when I get back, definately.
That'd be great. I don't think we'll be releasing 1.4 before then, so
no rush. :-)
> However, I've realized something else in the meantime. If we were to
> switch the password change protocol over to using something like
> krb5int_sendto (or whatever), that means there may be a possibility of
> a replayed change password message being sent to the server as part of
> the retransmission if a reply packet is dropped. We might need to
> implement a lookaside cache similar to what the KDC can optionally use.
Probably a good idea.
Ken
More information about the krbdev
mailing list