Subject: Re: security flaw in Kerberos?
To: None <email@example.com>
From: Johan A.van Zanten <firstname.lastname@example.org>
Date: 09/02/2004 21:21:00
Steve Bellovin <email@example.com> wrote:
> http://www.ciac.org/ciac/bulletins/o-208.shtml -- which I assume
> applies to NetBSD, too, though I haven't verified this.
I don't think that's a good assumption to make. NetBSD's Kerberos
implementation (the implementation that is installed by default with the
OS) is based on Heimdal, which is a separate distribution of Kerberos
v5. (It's not the MIT dist. of Kerberos.) I think it's a complete
rewrite, but I cannot remember for certain.
I've done some nominal comparisons of the patches supplied by MIT and
what's in /usr/src/crypto/dist/heimdal, and the patches really don't look
I believe some of the Heimdal developers read these lists, so perhaps
they can give a more authoritative reply.