From owner-freebsd-security  Wed Aug 22  9:29:10 2001
Delivered-To: freebsd-security@freebsd.org
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193])
	by hub.freebsd.org (Postfix) with ESMTP id 31D4C37B432
	for <freebsd-security@FreeBSD.ORG>; Wed, 22 Aug 2001 09:28:59 -0700 (PDT)
	(envelope-from wollman@khavrinen.lcs.mit.edu)
Received: (from wollman@localhost)
	by khavrinen.lcs.mit.edu (8.11.4/8.11.4) id f7MGSud60744;
	Wed, 22 Aug 2001 12:28:56 -0400 (EDT)
	(envelope-from wollman)
Date: Wed, 22 Aug 2001 12:28:56 -0400 (EDT)
From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Message-Id: <200108221628.f7MGSud60744@khavrinen.lcs.mit.edu>
To: Dave Ryan <dave.ryan@eircom.net>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: kerberosIV
In-Reply-To: <20010822140020.A1911@alpha.eng.eircom.net>
References: <3B83A8BC.BCF790A0@karolinelund.dk>
	<20010822140020.A1911@alpha.eng.eircom.net>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

<<On Wed, 22 Aug 2001 14:00:20 +0100, Dave Ryan <dave.ryan@eircom.net> said:

> There is quite a bit of documentation for KerberosV and its quite easy to
> setup, I would suggest moving to that if you have no specific reason for
> using kerberosIV. Heimdal is in the ports.

Furthermore, there are substantial weaknesses in the v4 protocol which
are fixed in v5.  Unless there is a need to be backward-compatible
at an existing site, v4 should never be installed (not even the v5
code in v4-compatibility mode).

-GAWollman


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message