Password-Changing Protocol
draft-gellens-password-00
| Document | Type |
Expired Internet-Draft
(individual)
Expired & archived
|
|
|---|---|---|---|
| Author | Randall Gellens | ||
| Last updated | 2001-02-23 | ||
| RFC stream | (None) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | Expired | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
A number of existing clients and servers currently support the 'poppassd' protocol for changing passwords. This protocol is extremely insecure, as it transmits the user name, current and new passwords in clear text. It also has more round-trips than needed, and lacks an extension mechanism. In addition, it is not possible to specify for which service(s) the password is to be changed. The protocol also traditionally usurps port 106, which is actually assigned for a different purpose.
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)