recent kadmin vulnerability and changing passwords
Nicolas Williams
Nicolas.Williams at sun.com
Thu Sep 6 14:37:15 EDT 2007
On Thu, Sep 06, 2007 at 08:55:47AM -0400, Edgecombe, Jason wrote:
> Hi All,
> Does kpasswd use the kadmin protocol? I'm just looking at options for
> mitigating the vulnerability.
The Solaris kpasswd will use either the kadmin password or the kpasswd
protocol. I don't recall if the same is true for the MIT kpasswd.
But both protocols are served by the same kadmind binary. To mitigate
the issue you can set up a packet filter that blocks connections to the
kadmin port.