Обсуждение: Re: [PATCHES] Removing Kerberos 4

"Magnus Hagander" <mha@sollentuna.net> writes:
> This patch removes Kerberos version 4 support from the backend and
> libpq. Per previous mail, I sent a mail to both hackers and -general
> about a month ago asking for ppl who use it, for zero responses. I also
> looked back in the archives and it seems it has been asked before and
> also not responded, so I think it's safe to say it's not in widespread
> use ATM. Finally, kerberos version 4 is deprecated by the kerberos
> people - for security reasons amongst others.

Last chance for any Kerberos 4 users to speak up --- otherwise I'll
apply this soon.

            regards, tom lane

Tom Lane <tgl@sss.pgh.pa.us> writes:

> Last chance for any Kerberos 4 users to speak up --- otherwise I'll
> apply this soon.

If you just want someone to test it I can do that. I don't actually use it
normally though.

As far as security issues the only issues I'm aware of is a) it uses plain DES
which is just a 56 bit key and crackable by brute force and b) cross-domain
authentication is broken.

But if you just have a single domain it's a lot simpler to set up than the
poster child for second system effect, Kerberos 5.

--
greg