Re: [PATCHES] Removing Kerberos 4

Поиск
Список
Период
Сортировка
От Magnus Hagander
Тема Re: [PATCHES] Removing Kerberos 4
Дата
Msg-id 6BCB9D8A16AC4241919521715F4D8BCE094556@algol.sollentuna.se
обсуждение исходный текст
Ответы Re: [PATCHES] Removing Kerberos 4  (Tom Lane <tgl@sss.pgh.pa.us>)
Список pgsql-hackers
Дерево обсуждения 
> > Last chance for any Kerberos 4 users to speak up --- otherwise I'll
> > apply this soon.
>
> If you just want someone to test it I can do that. I don't
> actually use it normally though.

I don't think "just testing" is enough - somebody needs to actually
maintain it...


> As far as security issues the only issues I'm aware of is a)
> it uses plain DES which is just a 56 bit key and crackable by
> brute force and b) cross-domain authentication is broken.

Yeah. But it has been declared dead by the Kerberos folks
(http://www.faqs.org/faqs/kerberos-faq/general/section-7.html. And this
document is from 2000, an dit was declared already then)...


//Magnus

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Greg Stark
Дата:
Сообщение: Re: commit_delay, siblings
Следующее
От: "Merlin Moncure"
Дата:
Сообщение: Re: pl/pgsql: END verbosity