[OpenAFS] krb4 3des vulnerability

Russ Allbery rra@stanford.edu
Mon, 17 Mar 2003 12:56:12 -0800


Brent Johnson <Brent.A.Johnson@jpl.nasa.gov> writes:

> So does this mean if you're using kaserver you're vulnerable to this?

> Does kaserver use 3des encryption?  Is there any way to turn cross-realm
> authentication off?

My *hope* is that if you have no cross-realm keys in your kaserver you're
not vulnerable, but that's just a guess, and I'd love to get confirmation
of that....

So far as I know, kaserver doesn't support 3DES at all.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>