[3778] in Release_7.7_team
Re: Kerberos v4 Interrealm disabled from Athena KDCs: potentially affects AFS and Zephyr use
daemon@ATHENA.MIT.EDU (Garry Zacheiss)
Mon Mar 17 00:43:51 2003
Message-Id: <200303170543.AAA32738@riff-raff.mit.edu>
To: tb@becket.net (Thomas Bushnell, BSG)
cc: release-team@MIT.EDU
In-Reply-To: Your message of "16 Mar 2003 21:40:44 PST."
<87wuiy5z4z.fsf@becket.becket.net>
Date: Mon, 17 Mar 2003 00:43:49 -0500
From: Garry Zacheiss <zacheiss@MIT.EDU>
>> Do I understand correctly that if one is happily using v5 Kerberos for
>> everything, that there will be no problems at all? I think that's true,
>> but I'm not certain from the message that was sent.
If you're running your own KDCs and have shared keys with any realms,
you should disable krb4 interrealm; there'll be details in an MIT krb5
security advisory being released later today.
If you're coming from the perspective of an Athena user accessing
Athena services, you don't need to alter your behavior at all. Whie
it's not true in that case that you're "using v5 Kerberos for
everything", it's close enough to true, in that krb4 within a realm is
unaffected.
Garry
