Password change protocol rework, round 2
kenh at cmf.nrl.navy.mil
Wed Mar 10 11:20:10 EST 2004
>I tend to agree with Nico: in this instance retransmit a new request.
Hm, well, I thought Nico said in his email, "The client could make a
new request, but retransmission is probably better."
Aside from library abstraction-violation and common codepath issues,
I've realized it won't really work. If you have a password history
(and almost everyone I know that actually expires passwords does), and
the reply packet is dropped, the server will see a reused password and
return a "password reused" error. So the user would get an error back
saying "Password is in the password history", but the password would
actually get changed. That seems rather suboptimal.
I see that Heimdal actually retransmits a new request every time ...
but the server doesn't implement a lookaside cache. I wonder what
I guess what to do in case of retransmission should be in the
specification, eh, Nico? :-)
More information about the krbdev