[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/security/kth-krb4
Module Name: pkgsrc
Committed By: marino
Date: Mon Nov 28 19:33:13 UTC 2011
pkgsrc/security/kth-krb4: Makefile PLIST distinfo
security/kth-krb4: Add DragonFly and FreeBSD support
The majority of these patches were inspired from FreeBSD's ports. FreeBSD,
along with at least Debian, have removed Kerberos4 due to secuity concerns.
From: http://web.mit.edu/kerberos/krb4-end-of-life.html :
"Serious protocol flaws have been found in Kerberos 4. These flaws permit
attacks which require far less effort than an exhaustive search of the DES
key space. These flaws make Kerberos 4 cross-realm authentication an
unacceptable security risk and raise serious questions about the security of
the entire Kerberos 4 protocol.
The known insecurity of DES, combined with the recently discovered protocol
flaws, make it extremely inadvisable to rely on the security of version 4 of
the Kerberos protocol. These factors motivate the MIT Kerberos Team to remove
support for Kerberos version 4 from the MIT implementation of Kerberos."
This end-of-life announcement is dated 19 October 2006. I think it's a
good question to ask why this package and the packages that depend on it
are still in pkgsrc.
To generate a diff of this commit:
cvs rdiff -u -r1.53 -r1.54 pkgsrc/security/kth-krb4/Makefile
cvs rdiff -u -r1.17 -r1.18 pkgsrc/security/kth-krb4/PLIST
cvs rdiff -u -r1.13 -r1.14 pkgsrc/security/kth-krb4/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/security/kth-krb4/patches/patch-aa
cvs rdiff -u -r0 -r1.1 \
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Main Index |
Thread Index |