Subject: Re: security flaw in Kerberos?
To: None <smb@research.att.com>
From: Johan A.van Zanten <johan@giantfoo.org>
List: tech-security
Date: 09/02/2004 21:21:00
Steve Bellovin <smb@research.att.com> wrote:
> http://www.ciac.org/ciac/bulletins/o-208.shtml -- which I assume 
> applies to NetBSD, too, though I haven't verified this.

 I don't think that's a good assumption to make.  NetBSD's Kerberos
 implementation (the implementation that is installed by default with the
 OS) is based on Heimdal, which is a separate distribution of Kerberos
 v5. (It's not the MIT dist. of Kerberos.)  I think it's a complete
 rewrite, but I cannot remember for certain.


 I've done some nominal comparisons of the patches supplied by MIT and
what's in /usr/src/crypto/dist/heimdal, and the patches really don't look
applicable.

 I believe some of the Heimdal developers read these lists, so perhaps
they can give a more authoritative reply.

 -johan