** Description changed:
The allow_weak_crypto krb5.conf option was added to Heimdal during the
1.2 release, but was implemented incorrectly. The check for desired
enctypes was performed before the check to see if allow_weak_crypto is
true.
This has the unfortunate effect of resulting in a completely empty
enctypes list if the configured list of desired enctypes contains only
enctypes classified as "weak", since the "weak" enctypes are not valid
choices (and are thus kicked out of contention) until after the
filtering of the desired enctypes list is performed.
This feature was implemented during the 1.2 release of Heimdal, on 2008-08-17:
https://github.com/heimdal/heimdal/commit/aa3cf9664515246bb8a9674ef270ba9433e0f25c
And the logic was corrected to the proper behavior after the release of 1.4,
on 2010-10-02:
https://github.com/heimdal/heimdal/commit/799956e9b7ebdeecd2df202638f7656a25664ed9
- - Lucid provides Heimdal packages from the 1.2 branch
(1.2.e1.dfsg.1-1ubuntu1) that contain the mis-implemented version.
- - Maverick provides Heimdal packages from the 1.4 branch
(1.4.0~git20100605.dfsg.1-2) that pre-date the fix.
- - Natty contains Heimdal packages from the 1.4 branch (1.4.0+git20110124)
that post-date the fix.
+ - Lucid provides Heimdal packages from the 1.2 branch
(1.2.e1.dfsg.1-1ubuntu1) that pre-date the implementation of allow_weak_crypto.
+ - Maverick provides Heimdal packages from the 1.4 branch
(1.4.0~git20100605.dfsg.1-2) that contain the mis-implemented version of the
feature.
+ - Natty contains Heimdal packages from the 1.4 branch (1.4.0+git20110124)
that contain the corrected version of the feature.
In addition to being fixed upstream and released in Natty, a new enough
version has also been released in Debian Experimental
(1.4.0+git20110411.dfsg.1-1).
** Summary changed:
- Lucid/Maverick heimdal packages have broken allow_weak_crypto implementation
+ Lucid/Maverick heimdal packages have missing/broken allow_weak_crypto
implementation
** Description changed:
The allow_weak_crypto krb5.conf option was added to Heimdal during the
1.2 release, but was implemented incorrectly. The check for desired
enctypes was performed before the check to see if allow_weak_crypto is
true.
This has the unfortunate effect of resulting in a completely empty
enctypes list if the configured list of desired enctypes contains only
enctypes classified as "weak", since the "weak" enctypes are not valid
choices (and are thus kicked out of contention) until after the
filtering of the desired enctypes list is performed.
This feature was implemented during the 1.2 release of Heimdal, on 2008-08-17:
https://github.com/heimdal/heimdal/commit/aa3cf9664515246bb8a9674ef270ba9433e0f25c
And the logic was corrected to the proper behavior after the release of 1.4,
on 2010-10-02:
https://github.com/heimdal/heimdal/commit/799956e9b7ebdeecd2df202638f7656a25664ed9
- - Lucid provides Heimdal packages from the 1.2 branch
(1.2.e1.dfsg.1-1ubuntu1) that pre-date the implementation of allow_weak_crypto.
+ - Lucid provides Heimdal packages from the 1.2 branch
(1.2.e1.dfsg.1-1ubuntu1) but do not contain any implementation of
allow_weak_crypto.
- Maverick provides Heimdal packages from the 1.4 branch
(1.4.0~git20100605.dfsg.1-2) that contain the mis-implemented version of the
feature.
- Natty contains Heimdal packages from the 1.4 branch (1.4.0+git20110124)
that contain the corrected version of the feature.
In addition to being fixed upstream and released in Natty, a new enough
version has also been released in Debian Experimental
(1.4.0+git20110411.dfsg.1-1).
** Description changed:
The allow_weak_crypto krb5.conf option was added to Heimdal during the
1.2 release, but was implemented incorrectly. The check for desired
enctypes was performed before the check to see if allow_weak_crypto is
true.
This has the unfortunate effect of resulting in a completely empty
enctypes list if the configured list of desired enctypes contains only
enctypes classified as "weak", since the "weak" enctypes are not valid
choices (and are thus kicked out of contention) until after the
filtering of the desired enctypes list is performed.
This feature was implemented during the 1.2 release of Heimdal, on 2008-08-17:
https://github.com/heimdal/heimdal/commit/aa3cf9664515246bb8a9674ef270ba9433e0f25c
And the logic was corrected to the proper behavior after the release of 1.4,
on 2010-10-02:
https://github.com/heimdal/heimdal/commit/799956e9b7ebdeecd2df202638f7656a25664ed9
- Lucid provides Heimdal packages from the 1.2 branch
(1.2.e1.dfsg.1-1ubuntu1) but do not contain any implementation of
allow_weak_crypto.
- Maverick provides Heimdal packages from the 1.4 branch
(1.4.0~git20100605.dfsg.1-2) that contain the mis-implemented version of the
feature.
- - Natty contains Heimdal packages from the 1