draft-ietf-cat-kerberos-set-passwd-01.txt   draft-ietf-cat-kerberos-set-passwd-02.txt 
INTERNET-DRAFT Mike Swift INTERNET-DRAFT Mike Swift
draft-ietf-cat-kerberos-set-passwd-01.txt Microsoft draft-ietf-cat-kerberos-set-passwd-02.txt Microsoft
February 2000 Jonathan Trostle March 2000 Jonathan Trostle
Cisco Systems Cisco Systems
John Brezak John Brezak
Microsoft Microsoft
Bill Gossman Bill Gossman
Cybersafe Cybersafe
Kerberos Set/Change Password: Version 2 Kerberos Set/Change Password: Version 2
0. Status Of This Memo 0. Status Of This Memo
skipping to change at line 132 skipping to change at line 132
targname[1] PrincipalName OPTIONAL, targname[1] PrincipalName OPTIONAL,
-- only present in set password: the principal -- only present in set password: the principal
-- which will have its password set -- which will have its password set
targrealm[2] Realm OPTIONAL, targrealm[2] Realm OPTIONAL,
-- only present in set password: the realm for -- only present in set password: the realm for
-- the principal which will have its password set -- the principal which will have its password set
} }
NewPasswdOrKeys :: = CHOICE { NewPasswdOrKeys :: = CHOICE {
passwords[0] KeySequence, passwords[0] PasswordSequence,
keyseq[1] PasswordSequence keyseq[1] KeySequences
}
KeySequences :: = SEQUENCE OF KeySequence
KeySequence :: = SEQUENCE { KeySequence :: = SEQUENCE {
key[0] EncryptionKey, key[0] EncryptionKey,
salt[1] OCTET STRING OPTIONAL, salt[1] OCTET STRING OPTIONAL,
salt-type[2] INTEGER OPTIONAL salt-type[2] INTEGER OPTIONAL
} }
PasswordSequence :: = SEQUENCE { PasswordSequence :: = SEQUENCE {
newpasswd[0] OCTET STRING, newpasswd[0] OCTET STRING,
oldpasswd[1] OCTET STRING OPTIONAL oldpasswd[1] OCTET STRING OPTIONAL
-- oldpasswd always present for change password -- oldpasswd always present for change password
-- but not set password -- but not present for set password
} }
The server must verify the AP-REQ message, check whether the client The server must verify the AP-REQ message, check whether the client
principal in the ticket is authorized to set or change the password principal in the ticket is authorized to set or change the password
(either for that principal, or for the principal in the targname (either for that principal, or for the principal in the targname
field if present), and decrypt the new password/keys. The server field if present), and decrypt the new password/keys. The server
also checks whether the initial flag is required for this request, also checks whether the initial flag is required for this request,
replying with status 0x0007 if it is not set and should be. An replying with status 0x0007 if it is not set and should be. An
authorization failure is cause to respond with status 0x0005. For authorization failure is cause to respond with status 0x0005. For
forward compatibility, the server should be prepared to ignore fields forward compatibility, the server should be prepared to ignore fields
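Review bot: KeySequences, added in -02 as a bare SEQUENCE OF KeySequence, has no size constraint, so a keyseq alternative carrying zero keys is a well-formed request, and the visible processing text does not say which status it should get. Constrain the type, for example SEQUENCE (SIZE (1..MAX)) OF KeySequence, or state the expected reply to an empty list. The same gap exists for oldpasswd: it is OPTIONAL in the syntax while the comment requires it for change password, so the processing paragraph should say what the server returns when a change request omits it. Correcting the CHOICE also puts PasswordSequence under tag [0] and the key list under tag [1], the reverse of -01, so a request encoded against -01 will not decode under -02; a sentence noting the incompatibility would help implementers. Minor: the assignment token is written ':: =' in every definition in this block, where ASN.1 requires '::=' with no embedded space.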
skipping to change at line 289 skipping to change at line 292
[2] Bradner, S., "Key words for use in RFCs to Indicate Requirement [2] Bradner, S., "Key words for use in RFCs to Indicate Requirement
[3] J. Kohl, C. Neuman. The Kerberos Network Authentication [3] J. Kohl, C. Neuman. The Kerberos Network Authentication
Service (V5), Request for Comments 1510. Service (V5), Request for Comments 1510.
[4] M. Horowitz. Kerberos Change Password Protocol, [4] M. Horowitz. Kerberos Change Password Protocol,
ftp://ds.internic.net/internet-drafts/ ftp://ds.internic.net/internet-drafts/
draft-ietf-cat-kerb-chg-password-02.txt draft-ietf-cat-kerb-chg-password-02.txt
5. Expiration Date 5. Expiration Date
This draft expires in August 2000. This draft expires in September 2000.
6. Authors' Addresses 6. Authors' Addresses
Jonathan Trostle Jonathan Trostle
Cisco Systems Cisco Systems
170 W. Tasman Dr. 170 W. Tasman Dr.
San Jose, CA 95134 San Jose, CA 95134
Email: jtrostle@cisco.com Email: jtrostle@cisco.com
Mike Swift Mike Swift
skipping to change at line 311 skipping to change at line 314
Redmond, WA 98052 Redmond, WA 98052
Email: mikesw@microsoft.com Email: mikesw@microsoft.com
John Brezak John Brezak
1 Microsoft Way 1 Microsoft Way
Redmond, WA 98052 Redmond, WA 98052
Email: jbrezak@microsoft.com Email: jbrezak@microsoft.com
Bill Gossman Bill Gossman
Cybersafe Corporation Cybersafe Corporation
1605 NW Sammamish Rd.
Issaquah, WA 98027-5378
Email: bill.gossman@cybersafe.com Email: bill.gossman@cybersafe.com
 End of changes. 5 change blocks. 
6 lines changed or deleted 11 lines changed or added