Date: Mon, 5 May 2003 15:50:05 -0400 (EDT) From: Garrett Wollman <wollman@lcs.mit.edu> To: Doug Barton <DougB@freebsd.org> Cc: current@freebsd.org Subject: Re: HEADS UP! Kerberos5/Heimdal now default! Message-ID: <200305051950.h45Jo5Pu026249@khavrinen.lcs.mit.edu> In-Reply-To: <20030505052615.R2996@znfgre.qbhto.arg> References: <200305050845.h458j38c069038@grimreaper.grondar.org> <20030505121050.GC21530@madman.celabo.org> <20030505052615.R2996@znfgre.qbhto.arg>
next in thread | previous in thread | raw e-mail | index | archive | help
<<On Mon, 5 May 2003 05:37:37 -0700 (PDT), Doug Barton <DougB@freebsd.org> said: > I'm going to assume that as security officer you're aware of the extremely > colorful history of kerberos's many vulnerabilities. :) What ``extremely colorful history of ... vulnerabilities''? I can think of no more than five times I've had to rebuild my KDC in six years. > Also, I'm not impressed with the, "But this is kerb 5, not kerb 4" > argument, since up till recently the limited deployed base of kerb 5 has > not made it a very attractive target for hackers. Kerberos 5 is in every single Windows (>= 2000) installation in the world. It has a larger installed base than any release of FreeBSD. If there are any fundamental protocol vulnerabilities, they would be known by now. -GAWollman
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200305051950.h45Jo5Pu026249>