[OpenAFS] krb4 3des vulnerability

Derrick J Brashear shadow@dementia.org
Mon, 17 Mar 2003 15:51:11 -0500 (EST)


On Mon, 17 Mar 2003, Brent Johnson wrote:

> Hello,
> 
> So does this mean if you're using kaserver you're vulnerable to this?

If you've done cross-realm key exchange and you're using the kaserver.

> Does kaserver use 3des encryption? 

No.

> Is there any way to turn cross-realm authentication off?

There will be a patch. Right now, the easiest way is to delete any krbtgts
not for your local cell from your database.

Grep the output of kas list for krbtgt. Ignore krbtgt.YOUR.CELL and delete
all the others.
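
The filtering step described above, as an added example that is not part of the original post or of OpenAFS. It assumes the output of kas list has been saved with one principal per line in name.instance form; the function names and sample entries are constructed.

```shell
# Added example: pick the cross-realm krbtgt entries out of saved
# `kas list` output so they can be reviewed before deletion.
# Assumption: one principal per line, entry name in the first field.

# Constructed sample standing in for `kas list` output.
sample_kas_list() {
    cat <<'EOF'
admin
afs
krbtgt.YOUR.CELL
krbtgt.OTHER.EXAMPLE
krbtgt.YOUR.CELL.EXAMPLE
EOF
}

# foreign_krbtgts LOCAL_REALM < kas-list-output
# Prints every krbtgt.<realm> entry whose realm is not exactly LOCAL_REALM.
foreign_krbtgts() {
    local_realm=$1
    awk -v keep="$local_realm" '
        {
            name = $1
            # Only krbtgt.<realm> entries are cross-realm candidates.
            if (index(name, "krbtgt.") != 1) next
            realm = substr(name, 8)   # text after "krbtgt."
            # Exact string comparison, not a regex: the dots in the cell
            # name are literal, and a longer realm that merely starts
            # with the local name (which "grep -v krbtgt.YOUR.CELL"
            # would hide) is still reported.
            if (realm == keep) next
            print name
        }'
}

# Stand-alone demonstration on the constructed sample.
sample_kas_list | foreign_krbtgts YOUR.CELL
```

Replace YOUR.CELL with the local cell's realm name and check the printed entries by hand before deleting any of them.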