MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4 protocol
Sam Hartman
hartmans at MIT.EDU
Mon Mar 17 19:30:45 EST 2003
>>>>> "Matt" == Matt Crawford <crawdad at fnal.gov> writes:
Matt> If you'll entertain another question ... I have v4_mode =
Matt> none and do not have any cross-realm trust into my realm. I
Matt> do run krb524d. Let's take it as granted that I don't let
Matt> anyone create arbitrarily-named principals in my realm.
Matt> Vulnerable to any legitimate client?
Don't think so.
Matt> Vulnerable to someone who has a service principal's key?
Well, they can impersonate that service principal. But beyond that,
no not that I can think of.
More information about the krbdev
mailing list