[OpenAFS] OpenAFS windows clients (Orpheus' Lyre)

Toby Blake toby@inf.ed.ac.uk
Fri, 14 Jul 2017 10:45:48 +0100


The Orpheus' Lyre vulnerability has thrown up a few questions with respect
to AFS clients on windows.  Apologies if these are a little vague, but
this seems like the right place to ask them.

We have been using the windows OpenAFS clients, as kindly provided by
Auristor/YFS.  My understanding is that this comes bundled with Heimdal
Kerberos.  Is this client vulnerable and requiring an update?

Prior to using this client, we used the one provided on openafs.org,
along with (a separate) Heimdal Kerberos from secure-endpoints.  On
earlier versions of windows, I think we used MIT Kerberos.

Which I suppose brings me to my wider question: what AFS clients are
others using on Windows?

Toby Blake
School of Informatics
University of Edinburgh

The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.