[src/netbsd-1-6]: src/crypto/dist/heimdal/kdc Pull up revision 1.10 (requeste...

[tron <tron%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/0c04a64d7e0a
branches:  netbsd-1-6
changeset: 530189:0c04a64d7e0a
user:      tron <tron%NetBSD.org@localhost>
date:      Fri Mar 21 09:22:02 2003 +0000

description:
Pull up revision 1.10 (requested by lha in ticket #1225):
Fix Kerberos 4 procotocol problem mentioned in
[MIT krb5 Security Advisory 2003-004]/[heimdal-0.5.2 release notes]
by disable support for it.

diffstat:

 crypto/dist/heimdal/kdc/kdc.8 |  9 ++++++++-
 1 files changed, 8 insertions(+), 1 deletions(-)

diffs (30 lines):

diff -r 8b7ed6432f5d -r 0c04a64d7e0a crypto/dist/heimdal/kdc/kdc.8
--- a/crypto/dist/heimdal/kdc/kdc.8     Fri Mar 21 09:21:54 2003 +0000
+++ b/crypto/dist/heimdal/kdc/kdc.8     Fri Mar 21 09:22:02 2003 +0000
@@ -1,4 +1,4 @@
-.\" $Id: kdc.8,v 1.6 2001/06/19 22:39:55 assar Exp $
+.\" $Id: kdc.8,v 1.6.2.1 2003/03/21 09:22:02 tron Exp $
 .\"
 .Dd July 27, 1997
 .Dt KDC 8
@@ -20,6 +20,7 @@
 .Fl -v4-realm= Ns Ar string
 .Xc
 .Oc
+.Op Fl -kerberos4-cross-realm
 .Op Fl K | Fl -no-kaserver
 .Op Fl r Ar realm
 .Op Fl -v4-realm= Ns Ar realm
@@ -58,6 +59,12 @@
 Gives an upper limit on the size of the requests that the kdc is
 willing to handle.
 .It Xo
+.Fl -kerberos4-cross-realm
+.Xc
+respond to kerberos 4 requests from foreign realms.
+This is a known security hole and should not be enabled unless you
+understand the consequences and are willing to live with them.
+.It Xo
 .Fl H Ns ,
 .Fl -enable-http
 .Xc