[16302] in Kerberos_V5_Development
Re: wrong checksum type for arcfour-hmac-md5
daemon@ATHENA.MIT.EDU (Nicolas Williams)
Wed Sep 15 15:49:12 2010
Date: Wed, 15 Sep 2010 14:48:14 -0500
From: Nicolas Williams <Nicolas.Williams@oracle.com>
To: Greg Hudson <ghudson@mit.edu>
Message-ID: <20100915194813.GU3982@oracle.com>
In-Reply-To: <1284577663.5992.1699.camel@ray>
Cc: Sam Hartman <hartmans@mit.edu>, "krbdev@mit.edu Dev List" <krbdev@mit.edu>
On Wed, Sep 15, 2010 at 03:07:43PM -0400, Greg Hudson wrote:
> Since the authenticator checksum doesn't need to be keyed, I don't
> object in principle to messing with that specific choice for
> interoperability. I'd prefer a better understanding of the reasons why,
> though; the bug presented so far only seems to affect malformed GSSAPI
> token authenticators, and is as easy to fix in Samba as it is in MIT
> krb5.
And which is easier to patch? I'm not sure. Typically I think of
servers as easier to patch than clients -- there's usually many more of
the latter than the former. But here it may well matter for the MIT
client side to interop with currently deployed Samba servers, for
various reasons.