Re: Heimdal 0.6.1 + 0.5.3

"Henry B. Hotz" <hotz@jpl.nasa.gov> writes:

> Always nice to see new releases.

We should just try to do them more often.

> arcfour == rc4 == Windows encryption == Luke Howard's rc4 patch?

I suppose it's a major component. Love will have to answer this.

> This sounds a lot like the Kerb 4 cross-realm vulnerability.  Is it?
> Or is it a new relative of it that applies to Kerb 5?

It's not really related to the krb4 thing, but the end result is

> Been meaning to check this:  if you expire the password, expire the
> principal, or delete the principal does it prevent renewal?  I hope at
> least one of those does.

You can set the invalid flag, deny the rights to be a client, expire
it or its password, but it will not work to delete it, which I suppose
should be fixed too.