HEADS UP! Kerberos5/Heimdal now default!
Craig Boston
craig at xfoil.gank.org
Mon May 5 12:59:46 PDT 2003
Sorry for the dupe Garrett, forgot to copy the list......
> What ``extremely colorful history of ... vulnerabilities''? I can
> think of no more than five times I've had to rebuild my KDC in six
> years.
...and nearly every security advisory I've seen for Kerberos 5 in the
last year or two was actually for the Kerberos 4 compatibility code.
One of the reasons I always build the port with "KRB5_KRB4_COMPAT=NO".
The only exception I can think of at the moment was the XDR/RPC buffer
overflow, which hit a LOT of software.
Craig
More information about the freebsd-stable
mailing list