Hi There
Our two OpenBSD 3.8 KDC's are working nicely, but the latest security
announcements from heimdal resulted in some questions from the sysadm.
As far as I can see the issues only involves deprecated services like
telnet and rsh which are disabled anyway.
In 3.8 heimdal 0.6.3 (+patches) is default, but there are 0.6.6 and
0.7.2 releases on the heimdal homepage. Should I upgrade manually or are
there good reasons not to? Are there a good reason not to use the 0.7.x
branch?
BTW I'm thinking about hacking heimdal to make it use CryptoCard OTP
tokens. Has anybody else tried this? My idea was use the quicklog mode
and simplify things by synchronizing the token via a seperate channel
(eg. a web service).
Regards, Tom
--
Tom Helmer Hansen
IT security consultant
Roskilde University, Denmark
Direct: +45 4674 3720
Mobile: +45 2887 0055
