[878] in Kerberos_V5_Development

Re: Proposed Kerberos V5 Password Changing Algorithm

daemon@ATHENA.MIT.EDU (eichin@MIT.EDU)
Mon Feb 27 16:59:27 1995

Date: Mon, 27 Feb 95 16:54:58 -0500
To: tytso@MIT.EDU
Cc: rsalz@osf.org, krbdev@MIT.EDU
In-Reply-To: <9502272124.AA18275@dcl.MIT.EDU> (message from Theodore Ts'o on Mon, 27 Feb 1995 16:24:20 +0500)
From: eichin@MIT.EDU

>> there are other places where text is being passed back to the client for
>> display to the user.  

That's why I said it wouldn't do much good to bring it up -- nothing
else in V5 gets it right either. The one save is that almost
everything returns numeric values, which can be looked up in a
client-side table which has been "localized", and the server-supplied
text can be (mostly) ignored... a solution which is of no use to a
server-supplied generic text message.

>> One of the ideas which I've been tossing around in my head is that the

Umm. Gee, then we can have the server hand back HTML, and do most of
the user interface via a handy authenticated web client. Then we don't
need the protocol at all, right? We can just make "k5-change-pw" be a
CGI script :-)

>> That's the way it was done in V4.  

I thought we were trying to improve on V4... 

>> My main reason for doing it is that I believe that a robust AND freely
>> available administration server will most likely be available the
>> fastest if we adopt this course.  This is something which I'd assume
>> would be of interest to Cygnus.  :-)

Certainly :-) 

I guess it is just that my brain is wrapped around the problem of
saying that we want a simple password protocol as an *exception* case
because it is a ubiquitous bit of functionality, while the general
admin case isn't... and at the same time saying that well, since we've
got this port and this protocol anyway, let's pour all of the other
functionality into it. (I think that's how the V4 protocol happened,
from the looks of it :-) The main bug in the V4 kadmin protocol is
that it passes keys as pairs of integers... if it had passed keys as
keys, there would have been no need for numeric arguments at all, and
it would have been a lot more portable.

>> commands must be prefixed with "X".  It's merely an oversight that it

Ah, right. Ok.

							_Mark_