Re: HEAD's UP: possible 0day SSH exploit in the wild
Russ Allbery, Thu Jul 09 2009 21:51:50 GMT+0200 (CEST):
> Peter Jordan <usernetwork@gmx.info> writes:
>
>> It would be a standalone MIT KDC (with krb-rsh) on Debian lenny.
>>
>> "safe" in the sense of "you better attack the services which depend on
>> kerberos than kerberos itself"
>
> That's what we've done at Stanford for many, many years, and I'm
> comfortable doing so. The Debian MIT Kerberos maintainers (of which I'm
> one) receive advance notice of upcoming security vulnerability
> announcements and always prepare security updates in advance for any KDC
> vulnerabilities.
>
Btw, is it possible to use any kind of one-time password mechanism with
MIT KDC?
thanks,
PJ