Questions on kerb 4 vice kerb 5
Henry B. Hotz
hotz at jpl.nasa.gov
Wed Nov 14 20:50:13 CET 2001
OK, I know Arla has some tools that will get tokens directly with
kerberos 4 instead of the funny AFS protocol that klog uses. In both
cases I think we are still vulnerable to the well-known kerberos 4
replay attacks.
If we trash the Transarc kaserver and use a kerberos 5 server instead
then does that really solve the problem? Can I use something like
aklog and get an AFS token that works without ever using any
vulnerable protocol?
Presuming the last is a yes, can you do the same thing with OpenAFS
or a real Transarc thingy?
--
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu
More information about the Arla-drinkers
mailing list