Dropping support for v5passwdd and kadmind4 in Kerberos 1.4?
hartmans at MIT.EDU
Tue Aug 5 12:29:48 EDT 2003
The v5passwdd program implements a password changing protocol that we
believe very few people use. I believe at least one version of some
terminal server may implement this protocol, but it is old. The code
tends not to get run, supported, or tested. I suspect all we know
about it is that it compiles.
The kadmind4 program implements the krb4 administration protocol by
proxying to the krb5 admin program. It has had at least one serious
vulnerability in the recent past. The style of code makes auditing
difficult and it would probably improve security to remove this code.
I believe that if we plan to remove these programs we should decide
now and send an announcement to kerberos-announce letting people know
they will disappear in the next major release of Kerberos.