[2470] in Kerberos_V5_Development
Re: Password expiration via a preauth mechanism
daemon@ATHENA.MIT.EDU (Johan Danielsson)
Wed Jul 30 20:53:56 1997
To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Cc: krbdev@MIT.EDU
From: joda@pdc.kth.se (Johan Danielsson)
Date: 31 Jul 1997 02:52:55 +0200
In-Reply-To: Ken Hornstein's message of Wed, 30 Jul 1997 11:22:41 -0400
Ken Hornstein <kenh@cmf.nrl.navy.mil> writes:
> Hmph. I had forgotten all about that field. I guess the reason I
> didn't use it was that it wasn't implemented at all in the KDC, and
> I didn't feel comfortable implementing my own thing.
>
> Worth redoing, you think?
Sounds both better and easier to me, rather than using random
ASN.1-types. Since your sequence-of decoder is broken, you might as
well fill the required field with something useful. :-)
Sam Hartman <hartmans@MIT.EDU> writes:
> I think that if you want to specify additional information or allow
> the warning time to be set on the KDC, it would be reasonable to use
> preauth. However, I would expect any KDC that implemented such a
> protocol to also include the information in the KDC reply.
Hmm, I'm not quite sure I follow. Are you suggesting that some
information should be passed *to* the KDC?
/Johan
