Bug#564753: disastrous for stable

2010-01-19 Thread Sam Hartman
This issue was a major focus of discussion at today's release meeting for MIT Kerberos upstream. The consortium plans to:
1) Introduce a new API to enable weak crypto for a given context. This API will not be the same as the Heimdal API for implementation complexity reasons.
2) Look into loggin

Bug#564753: disastrous for stable

2010-01-15 Thread Russ Allbery
Thomas Bushnell BSG writes:
> This is only part of the problem. The kdc log entry made it seem as if
> the principal was missing entirely--hardly accurate. But the krb5 user
> error that aklog printed was also horrible. (Giant numeric thing? Is
> that really our SOP?)
As mentioned, that's a b

Bug#564753: disastrous for stable

2010-01-15 Thread Thomas Bushnell BSG
On Fri, 2010-01-15 at 15:44 -0800, Russ Allbery wrote:
> > 2) Either upstream or in a Debian-specific API to be removed in the
> > future--I.E. something not in a public header--we could provide some
> > exception path for AFS.
>
> I talked to Tom on the phone about this today and proposed an addi

Bug#564753: disastrous for stable

2010-01-15 Thread Russ Allbery
Sam Hartman writes:
> Here are my thoughts.
> 1) There are things we could choose to do in krb5-config to make things
> better for Debian. I made one proposal. It's not clear that's
> necessary though.
The concern I have with a fix in krb5-config is that it's not entirely clear both what to t

Bug#564753: disastrous for stable

2010-01-15 Thread Sam Hartman
Here are my thoughts.
1) There are things we could choose to do in krb5-config to make things better for Debian. I made one proposal. It's not clear that's necessary though.
2) Either upstream or in a Debian-specific API to be removed in the future--I.E. something not in a public header--we coul

Bug#564753: disastrous for stable

2010-01-15 Thread Russ Allbery
Thomas Bushnell BSG writes:
> I will say that the bug in unstable is at the very least a serious UI
> bug.
I think the way that MIT Kerberos handled this transition is not really going to work well in combination with AFS. They seem to have approached it from the perspective that AFS is just on

Bug#564753: disastrous for stable

2010-01-15 Thread Thomas Bushnell BSG
I apologize, on further more careful checking, it is as you say. The security update to stable happened close in time to the regular unstable update, and I conflated the two in my confusion about the bug. I will say that the bug in unstable is at the very least a serious UI bug. If the problem i

Bug#564753: disastrous for stable

2010-01-15 Thread Sam Hartman
> "Thomas" == Thomas Bushnell BSG writes:
Thomas> This bug was propagated to the *stable* release because of
Thomas> the recent (minor) security issue.
Thomas, I'm having a hard time substantiating this claim. According to my rmadison: krb5 | 1.6.dfsg.4~beta1-5lenny2 | proposed-upda

Bug#564753: disastrous for stable

2010-01-15 Thread Thomas Bushnell BSG
This bug was propagated to the *stable* release because of the recent (minor) security issue. And *that's* an unmitigated disaster. It is very very not ok for security patches in Debian to include *anything* which could break in such a way. The security team and the krb5 maintainers did not revi