MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4
Mike Friedman
mikef at ack.Berkeley.EDU
Mon Mar 17 18:39:22 EST 2003
On Mon Mar 17 15:27:48 2003, Sam Hartman said:
> Enabling v4 keys in kdc.conf does not matter. The question is whether
> KDC support for v4 is on. If you run with -4 none or -4 disabled on
> the command line and do not run krb524d you are not vulnerable.
Sam,
If I don't use DES3 keys at all in my KDC, do I still need to run with
'V4 none' or 'V4 disable' to be protected?
Mike
------------------------------------------------------------------------------
Mike Friedman System and Network Security
mikef at ack.Berkeley.EDU 2484 Shattuck Avenue
1-510-642-1410 University of California at Berkeley
http://ack.Berkeley.EDU/~mikef http://security.berkeley.edu
------------------------------------------------------------------------------
More information about the krbdev
mailing list