Re: [DSA 1571-1] Heimdal
Guido Günther <email@example.com> writes:
> On Thu, May 15, 2008 at 03:33:41PM +1000, Brian May wrote:
>> Apparently, Heimdal in Debian also is affected. I am not aware of any
>> solution other then to manually regenerate all keys.
> Could you give some details here? Password based principals aren't
Password-based principals are not affected. No randomness is used in
generating those keys; the secure material is the password itself, which
is run through a hash algorithm. Only randomly generated keys (generally
the keys you put into keytabs, but also randomized user principals if you
have any) are affected.
> For those using a keytabs "ktutil -k <keytab> change; ktutil -k purge
> --age=<short>" is sufficient?
That looks right to me, although take that with a grain of salt since I
use MIT personally and am not that familiar with the Heimdal ktutil
Russ Allbery (firstname.lastname@example.org) <http://www.eyrie.org/~eagle/>