MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4 protocol
crawdad at fnal.gov
Mon Mar 17 19:13:18 EST 2003
If you'll entertain another question ...
I have v4_mode = none and do not have any cross-realm trust into my
realm. I do run krb524d. Let's take it as granted that I don't let
anyone create arbitrarily-named principals in my realm.
Vulnerable to any legitimate client?
Vulnerable to someone who has a service principal's key?
More information about the krbdev