HEADS UP! Kerberos5/Heimdal now default!

Craig Boston craig at xfoil.gank.org
Mon May 5 12:59:46 PDT 2003


Sorry for the dupe Garrett, forgot to copy the list......

> What ``extremely colorful history of ... vulnerabilities''?  I can
> think of no more than five times I've had to rebuild my KDC in six
> years.

...and nearly every security advisory I've seen for Kerberos 5 in the
last year or two was actually for the Kerberos 4 compatibility code. 
One of the reasons I always build the port with "KRB5_KRB4_COMPAT=NO".

The only exception I can think of at the moment was the XDR/RPC buffer
overflow, which hit a LOT of software.

Craig



More information about the freebsd-stable mailing list