[OpenAFS] Re: Heimdal KDC bug mentioned in rekeying document

Harald Barth haba@kth.se
Tue, 30 Jul 2013 12:57:04 +0200 (CEST)


> Secure Endpoints has pushed fixes to https://github.com/heimdal/heimdal
> for both the 'master' (aka pre-1.6) and 'heimdal-1-5-branch' branches.

Warning: Real-life results show that the code path for preauth always
seems to go through the strongest enctype configured (for example
aes256), even if the user's principal does not have a key of that
enctype. So these users (*) will not be able to obtain tickets any
more (at least not without a password change to get those new keys).

A more detailed report will probably follow from the testers.

Harald.

(*) for example users with enctypes up to aes128 who have not changed
their password since the newest enctype aes256 has been available.