Received: from mail-out4.apple.com (mail-out4.apple.com [17.254.13.23]) by krbdev.mit.edu (8.12.9) with ESMTP id l8577lHW029957; Wed, 5 Sep 2007 03:07:47 -0400 (EDT) Received: from relay14.apple.com (relay14.apple.com [17.128.113.52]) by mail-out4.apple.com (Postfix) with ESMTP id 30A5C10ACD7F for ; Wed, 5 Sep 2007 00:07:41 -0700 (PDT) Received: from relay14.apple.com (unknown [127.0.0.1]) by relay14.apple.com (Symantec Mail Security) with ESMTP id 16F6D28051 for ; Wed, 5 Sep 2007 00:07:41 -0700 (PDT) X-Auditid: 11807134-a651ebb0000024d5-54-46de55bc9cc7 Received: from elliott.apple.com (elliott.apple.com [17.151.62.13]) by relay14.apple.com (Apple SCV relay) with ESMTP id F03652802B for ; Wed, 5 Sep 2007 00:07:40 -0700 (PDT) Received: from [10.0.1.200] ([67.170.214.216]) by elliott.apple.com (Sun Java System Messaging Server 6.2-8.04 (built Feb 28 2007)) with ESMTPSA id <0JNV00HCKVSSN840@elliott.apple.com> for rt-comment@krbdev.mit.edu; Wed, 05 Sep 2007 00:07:40 -0700 (PDT) Date: Wed, 05 Sep 2007 00:07:39 -0700 From: Austin Jennings Subject: Re: [krbdev.mit.edu #5658] kdc notify pws In-Reply-To: To: rt-comment@krbdev.mit.edu CC: Simon Cooper Message-ID: <826ADE11-5692-4310-9862-5BA25025E193@apple.com> MIME-Version: 1.0 X-Mailer: Apple Mail (2.901) Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7BIT References: X-Brightmail-Tracker: AAAAAA== RT-Send-Cc: X-RT-Original-Encoding: us-ascii Content-Length: 1091 On Sep 4, 2007, at 23:47, Ken Raeburn via RT wrote: > On Aug 29, 2007, at 01:18, Austin Jennings via RT wrote: >> This is an Apple-specific mechanism for keeping Kerberos passwords >> synchronized with other authentication mechanisms. Unfortunately, >> there really isn't any documentation to cite here. > > From looking at the patch, actually it doesn't look like it relates > to password synchronization, just ties in to some an account > management system for unspecified purposes. The code seems to have > about two lines of comments as to the purpose of these calls (at a > higher level than "send a line to the server"). > > (There is some password-synchronization code that lxs integrated a > few years ago for Apple, which at this point probably would also be > best made into a plugin, but that's another matter...) > > Ken > > > This patch predates me, so I can only speculate that it's building on top of the work that lxs did previously. I believe Simon Cooper has some familiarity with this, so you may want to get in touch him and see if he can offer some details.