projects / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1b190c9) | patch
Disable krb4 cross-realm in krb524d and krb5kdc. Provide an option to
authorSam Hartman <hartmans@mit.edu>
Mon, 17 Mar 2003 01:03:11 +0000 (01:03 +0000)
committerSam Hartman <hartmans@mit.edu>
Mon, 17 Mar 2003 01:03:11 +0000 (01:03 +0000)
commiteeefea9966e50bf16af6e2df9e8b74d892598bef
treea90a9b3603e6fec48c0b7febcb26e0c83e01752ftree | snapshot
parent1b190c9ac0a47f4dbd8db4a2e191758fc8d030f7commit | diff
Disable krb4 cross-realm in krb524d and krb5kdc.  Provide an option to
reenable (-X) which prints a warning that you are creating a security
hole.

Remove support for generating krb4 tickets encrypted using 3DES
service keys as it is insecure.  They are still accepted however.

The KDc is much more strict about accepting only tickets that it would
have issued in the current configuration.  In particular if the KDC
would choose some enctype for writing a TGT, other enctypes will not
be accepted when using a TGT.

Ticket: 1385
Target_Version: 1.3
Tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15286 dc483132-0cff-0310-8789-dd5450dbe970
src/kdc/ChangeLog diff | blob | history
src/kdc/kdc_util.h diff | blob | history
src/kdc/kerberos_v4.c diff | blob | history
src/kdc/main.c diff | blob | history
src/krb524/ChangeLog diff | blob | history
src/krb524/cnv_tkt_skey.c diff | blob | history
src/krb524/krb524d.c diff | blob | history
src/lib/kdb/ChangeLog diff | blob | history
src/lib/kdb/keytab.c diff | blob | history
MIT implementation of the Kerberos network authentication protocol. This repo may be rebased, so don't base your work on it. Use git://github.com/krb5/krb5 instead.