MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4 protocol

Sam Hartman hartmans at MIT.EDU
Mon Mar 17 19:30:45 EST 2003

>>>>> "Matt" == Matt Crawford <crawdad at> writes:

    Matt> If you'll entertain another question ...  I have v4_mode =
    Matt> none and do not have any cross-realm trust into my realm.  I
    Matt> do run krb524d.  Let's take it as granted that I don't let
    Matt> anyone create arbitrarily-named principals in my realm.

    Matt> Vulnerable to any legitimate client?

Don't think so.

    Matt> Vulnerable to someone who has a service principal's key?

Well, they can impersonate that service principal.  But beyond that,
no, not that I can think of.

