[2398] in Kerberos-V5-bugs
Re: pending/154: krb4 interface too lax in security
daemon@ATHENA.MIT.EDU (Theodore Y. Ts'o)
Mon Nov 4 22:36:48 1996
Date: Mon, 4 Nov 1996 22:36:13 -0500
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
To: krb5-bugs@MIT.EDU, John Gardiner Myers <jgm@CMU.EDU>
Cc: gnats-admin@RT-11.MIT.EDU, krb5-prs@RT-11.MIT.EDU
In-Reply-To: John Gardiner Myers's message of Mon, 4 Nov 1996 21:07:02 -0500,
<199611050207.VAA08919@rt-11.MIT.EDU>
Your patch assumes that the correct V4 key is using the CMU salttype;
that's not a good assumption. Standard V4 sites will have a salt type
of KRB5_KDB_SALTTYPE_V4, for example....
