[krbdev.mit.edu #1385] CVS Commit
Sam Hartman via RT
rt-comment at krbdev.mit.edu
Sun Mar 16 20:03:18 EST 2003
Disable krb4 cross-realm in krb524d and krb5kdc. Provide an option to
reenable (-X) which prints a warning that you are creating a security
hole.
Remove support for generating krb4 tickets encrypted using 3DES
service keys as it is insecure. They are still accepted however.
The KDc is much more strict about accepting only tickets that it would
have issued in the current configuration. In particular if the KDC
would choose some enctype for writing a TGT, other enctypes will not
be accepted when using a TGT.
To generate a diff of this commit:
cvs diff -r5.251 -r5.252 krb5/src/kdc/ChangeLog
cvs diff -r5.53 -r5.54 krb5/src/kdc/kdc_util.h
cvs diff -r5.87 -r5.88 krb5/src/kdc/kerberos_v4.c
cvs diff -r5.115 -r5.116 krb5/src/kdc/main.c
cvs diff -r1.122 -r1.123 krb5/src/krb524/ChangeLog
cvs diff -r1.28 -r1.29 krb5/src/krb524/cnv_tkt_skey.c
cvs diff -r1.55 -r1.56 krb5/src/krb524/krb524d.c
cvs diff -r5.147 -r5.148 krb5/src/lib/kdb/ChangeLog
cvs diff -r5.16 -r5.17 krb5/src/lib/kdb/keytab.c
More information about the krb5-bugs
mailing list