On Thu, 25 Jul 2013 09:11:38 -0400 (EDT) step...@physics.unc.edu wrote: > In the cell rekeying instructions found at > <http://openafs.org/pages/security/how-to-rekey.txt>, there is a note > for sites using Heimdal KDCs. It mentions a bug present in "certain > versions" of the Heimdal KDC software which completely disables DES on > the AFS service principal when following the document's instructions. > > Is more information available about specific versions of the Heimdal > KDC software which exhibits this bug? The document mentions > experimentally verifying ticket acquisition, which seems wise. But > also knowing the KDC versions which have the bug would be beneficial.
Sorry about that; this was raised very shortly before the issue became public; I wanted this note to be in there even if we couldn't provide full information, so you would be aware that _something_ was wrong with this. Allegedly it exists in 1.4 and possibly all earlier versions, and is fixed somewhere around 1.5. However, it has apparently been fixed reintroduced a couple of times, so I'm not sure if such a simple versions range is accurate. All I've actually verified so far is that it definitely is a problem on Debian's 1.4.0~git20100726.dfsg.1-2+squeeze1. > Anyone have this info? Should I post to a heimdal list instead? I'm looking around for some kind of reference I can provide for the issue or something. For now, if you want more info, you can ask the heimdal list; I'll probably do that later, but if you get to it before me, it would be helpful :) -- Andrew Deason adea...@sinenomine.net _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info