On su, 27 marras 2016, Ken Dreyer wrote:
On Wed, Nov 23, 2016 at 7:17 AM, Alexander Bokovoy <abokovoy@xxxxxxxxxx> wrote:
Heimdal does not support MS-KKDCP spec, so you are left with direct
Kerberos communication over port 88/tcp or 88/udp, but these are enabled
in Fedora infrastructure, yes.
I thought direct Kerberos service was going to be disabled, to prevent
attackers sniffing and brute-forcing the encrypted preauth timestamp?
This is really a question to Fedora Infra people but last time we
discussed, RHEL 6-based clients and alike were not getting MS-KKDCP
features backported to older MIT Kerberos versions so to support them,
direct access is required.
--
/ Alexander Bokovoy
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
