[866] in Kerberos_V5_Development
Re: Proposed Kerberos V5 Password Changing Algorithm
daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Fri Feb 24 13:44:30 1995
Date: Fri, 24 Feb 1995 13:44:25 +0500
From: Theodore Ts'o <tytso@MIT.EDU>
To: Marc Horowitz <marc@MIT.EDU>
Cc: Theodore Ts'o <tytso@MIT.EDU>, krbdev@MIT.EDU, Rich Salz <rsalz@osf.org>
In-Reply-To: Marc Horowitz's message of Fri, 24 Feb 1995 00:11:00 EST, <9502240511.AA02498@yaz-pistachio.MIT.EDU>

   Date: Fri, 24 Feb 1995 00:11:00 EST
   From: Marc Horowitz <marc@MIT.EDU>

   >> There's a reason why the change password command includes the old
   >> password, even though you've already authenticated to the password
   >> changing daemon.

   Why's that?

It's there so that a DCE password changing agent doesn't need "god bits"
to change the password. It can just log in as the user and change the
user's password.

   In any case, Ted, it seems that there is "rough consensus" that the pw
   change protocol should be text-based. The only person to disagree is
   you....

Yes, but I haven't heard any really good, technical reasons for making
it be text based. And I'm doing the free implementation.

- Ted