Kerberos Password Sniffing

Sam Hartman hartmans at
Sun Dec 1 16:02:37 EST 2002

[Very much speaking as myself, not as a member of the MIT Kerberos
team or an employee of MIT.]

>>>>> "Frank" == Frank O'Dwyer <fod at> writes:

    Frank> Can you elaborate on the solutions that are being
    Frank> considered and what the timetable is?

    Frank> Also, at the risk of sounding curmudgeonly, what's the
    Frank> holdup? I and others have been banging on about this
    Frank> vulnerability for years now.

The holdup is that all the people involved are quite busy just
getting the base Kerberos spec working, and that, with few exceptions,
people go around complaining about this issue but never volunteer to
do work either on an implementation or on standards documents.

Considering that both the standards process and several
implementations are open, I think you have very little room to
complain unless you're willing to put in the time or money to see that
issues you care about are dealt with.

