CVS update: samba/source
abartlet at pcug.org.au
Sun Nov 11 13:53:01 GMT 2001
"Gerald (Jerry) Carter" wrote:
> On Sun, 11 Nov 2001 abartlet at samba.org wrote:
> > This code is vunerable to a spoofed KDC, and is best replaced by
> > --with-pam and the pam_krb5 module. This module includes measures to
> > prevent such spoofing.
> We'll see if anyone yells. Please announce this on Samba at samba.org.
> This does mean that non-PAM servers will not be able to authenticate
> non-Win2k clients against a Kerberos KDC, right?
Correct. The code isn't hard to add back in, but I'll ask anybody who
does that to rework it to do a service ticket check, and to fit it in
with the new auth subsystem a little better.
I'll ping samba at samba.org.
Andrew Bartlett abartlet at pcug.org.au
Samba Team member, Build Farm maintainer abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba-technical