[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Heimdal 0.6.1 + 0.5.3
"Henry B. Hotz" <firstname.lastname@example.org> writes:
> Always nice to see new releases.
We should just try to do them more often.
> arcfour == rc4 == Windows encryption == Luke Howard's rc4 patch?
I suppose it's a major component. Love will have to answer this.
> This sounds a lot like the Kerb 4 cross-realm vulnerability. Is it?
> Or is it a new relative of it that applies to Kerb 5?
It's not really related to the krb4 thing, but the end result is
> Been meaning to check this: if you expire the password, expire the
> principal, or delete the principal does it prevent renewal? I hope at
> least one of those does.
You can set the invalid flag, deny the rights to be a client, expire
it or its password, but it will not work to delete it, which I suppose
should be fixed too.