[2402] in Kerberos-V5-bugs
Re: pending/154: krb4 interface too lax in security
daemon@ATHENA.MIT.EDU (Marc Horowitz)
Tue Nov 5 21:21:31 1996
To: John Gardiner Myers <jgm@CMU.EDU>
Cc: krb5-bugs@MIT.EDU, gnats-admin@rt-11.MIT.EDU, krb5-prs@rt-11.MIT.EDU,
"Theodore Y. Ts'o" <tytso@MIT.EDU>
Date: Tue, 05 Nov 1996 21:21:11 EST
From: Marc Horowitz <marc@MIT.EDU>

>> So, to do this, we need to be a bit more sophisticated. Pass in an
>> argument to the routine which says whether or not arbitrary salts are
>> ok, or add an option in kdc.conf which turns off the v4 initial ticket
>> protocol. Do you have any preferences?

I say don't beat around the bush. If you want to turn off the v4
in_tkt code, then we should have a flag which does just and exactly
that. The semantics are a lot cleaner than a flag which says "whether
or not arbitrary salts are ok", which is going to be meaningless to
95% of the users.

Marc