Thanks. I was wondering how blocking the port would affect password changes. It looks like it would block all password changes unless I white-list all of our machines.
Thanks, Jason Jason Edgecombe Solaris & Linux Administrator Mosaic Computing Group, College of Engineering UNC-Charlotte Phone: (704) 687-3514 -----Original Message----- From: Nicolas Williams [mailto:[EMAIL PROTECTED] Sent: Thursday, September 06, 2007 2:37 PM To: Edgecombe, Jason Cc: [email protected] Subject: Re: recent kadmin vulnernability and changing passwords On Thu, Sep 06, 2007 at 08:55:47AM -0400, Edgecombe, Jason wrote: > Hi All, > Does kpasswd use the kadmin protocol? I'm just looking at options for > mitigating the vulnerability. The Solaris kpasswd will use either the kadmin password or the kpasswd protocol. I don't recall if the same is true for the MIT kpasswd. But both protocols are served by the same kadmind binary. To mitigate the issue you can setup a packet filter that blocks connections to the kadmin port. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
