[138] in pc-kerberos
Re: Upcoming potential changes in KRBV4*.DLL
daemon@ATHENA.MIT.EDU (John Gardiner Myers)
Thu Aug 3 15:31:03 1995
Date: Thu, 3 Aug 1995 15:20:14 -0400 (EDT)
From: John Gardiner Myers <jgm+@CMU.EDU>
To: pc-kerberos@MIT.EDU
In-Reply-To: <9508031757.AA24188@dcl.MIT.EDU>
"Theodore Ts'o" <tytso@MIT.EDU> writes:
> Err.... *why* would you ever want to make your kadmind only store the
> Transarc string_to_key()?
Because the site has deployed Transarc RX-based password changing
clients which are only capable of using the Transarc string-to-key.
In that case, storing a MIT v4 string-to-key encoded key in the
database will prevent the user from being able to change their
password with a Transarc password-changing client.
There was also an earlier statement that the OS/2 port of AFS is
unable to authenticate at all using the MIT string-to-key.
Having the kadmind be able to use the Transarc string-to-key no matter
what removes the need for the client to keep state about what
string-to-key it should use to encode the new password, assuming
Transarc string-to-key sites deploy that change to their kadmind.
You and I may agree that the Transarc string-to-key was a mistake, but
for some sites it is apparently the path of least resistance.
Maintaining this path appears to be a priority for the PC DLL work.
--
_.John G. Myers Internet: jgm+@CMU.EDU
LoseNet: ...!seismo!ihnp4!wiscvm.wisc.edu!give!up
