Re: [kitten] PKCROSS and philosophical tangents...

Russ Allbery <eagle@eyrie.org> Fri, 31 January 2014 20:18 UTC

From: Russ Allbery <eagle@eyrie.org>
To: "Nordgren, Bryce L -FS" <bnordgren@fs.fed.us>
In-Reply-To: <82E7C9A01FD0764CACDD35D10F5DFB6E684319@001FSN2MPN1-046.001f.mgd2.msft.net> (Bryce L. Nordgren's message of "Fri, 31 Jan 2014 19:05:56 +0000")
Organization: The Eyrie
References: <82E7C9A01FD0764CACDD35D10F5DFB6E683D80@001FSN2MPN1-046.001f.mgd2.msft.net> <201401311750.s0VHoV9a010086@hedwig.cmf.nrl.navy.mil> <82E7C9A01FD0764CACDD35D10F5DFB6E684319@001FSN2MPN1-046.001f.mgd2.msft.net>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.4 (gnu/linux)
Date: Fri, 31 Jan 2014 12:18:15 -0800
Message-ID: <87bnyrc3co.fsf@windlord.stanford.edu>
Cc: "kitten@ietf.org" <kitten@ietf.org>
Subject: Re: [kitten] PKCROSS and philosophical tangents...

"Nordgren, Bryce L -FS" <bnordgren@fs.fed.us> writes:

> It's possible that account maintenance could be facilitated with a
> series of recommendations and the corresponding security
> analyses. Expose your password-changing interface to the wide world and
> advertise which set of admin tools (MIT/heimdal/MS) are compatible?

Password changes are interoperable provided that they're limited to
operations that can be performed via the kpasswd protocol (and provided
you can deal with the kpasswd protocol, which is rather broken, but
usually workable in practice provided everyone understands the required
assumptions).

You only have to care about the different admin protocols if you need to
support operations other than password change.

-- 
Russ Allbery (eagle@eyrie.org)              <http://www.eyrie.org/~eagle/>