Bug#428732: [krbdev.mit.edu #5593] kadmin crashes during password changes

2007-07-09 Thread Ken Raeburn
On Jul 9, 2007, at 12:01, Russ Allbery wrote:
> Ken, I assume from the previous bug discussion that this was already fixed in 1.6? It looks like that file now includes k5-int.h and k5-int.h now includes time.h.

Yes, that's correct, this shouldn't be a problem in the 1.6 branch.

Ken -- To

Bug#428732: [krbdev.mit.edu #5593] kadmin crashes during password changes

2007-07-09 Thread Russ Allbery
Andrew Reid <[EMAIL PROTECTED]> writes:
> Will there be an "etch" security patch for this for amd64? The daemon runs as root, so there's a potential exploit opportunity, and even if there weren't, it's a possible DOS attack.

It's a DoS attack really more than an exploit (sign extension bug

Bug#428732: [krbdev.mit.edu #5593] kadmin crashes during password changes

2007-07-09 Thread Andrew Reid
On Fri, Jul 06, 2007 at 07:53:46PM -0400, Ken Raeburn wrote:
> This code path requires that the principal in question have a policy dictating a minimum time before the password can be changed, and a password change made before that time has elapsed. (I should've thought of that given t

Bug#428732: [krbdev.mit.edu #5593] kadmin crashes during password changes

2007-07-06 Thread Ken Raeburn
I just tried on our x86_64 etch system (1.4.4-7etch1 kadmind installed), and with a few simple tests, couldn't reproduce the problem. I set up a realm FOOBAR.X with a user principal ken with admin privileges, ran "kadmin -p ken -q 'cpw ken'" and then "kpasswd" a few times, sometimes re-usi