Password change protocol rework, round 2

Ken Hornstein kenh at
Wed Mar 10 11:20:10 EST 2004

>I tend to agree with Nico: in this instance retransmit a new request.

Hm, well, I thought Nico said in his email, "The client could make a
new request, but retransmission is probably better."

Aside from library abstraction-violation and common codepath issues,
I've realized it won't really work.  If you have a password history
(and almost everyone I know that actually expires passwords does), and
the reply packet is dropped, the server will see a reused password and
return a "password reused" error.  So the user would get an error back
saying "Password is in the password history", but the password would
actually get changed.  That seems rather suboptimal.

I see that Heimdal actually retransmits a new request every time ...
but the server doesn't implement a lookaside cache.  I wonder what
MS does.

I guess what to do in case of retransmission should be in the
specification, eh, Nico? :-)


More information about the krbdev mailing list