Re: upcoming build and release developer flag day December 12 2016

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 28 Nov 2016 11:51:36 -0500
Nathaniel McCallum <npmccallum@xxxxxxxxxx> wrote:

> On Mon, Nov 28, 2016 at 3:10 AM, Alexander Bokovoy
> <abokovoy@xxxxxxxxxx> wrote:
> > On su, 27 marras 2016, Ken Dreyer wrote:  
> >>
> >> On Wed, Nov 23, 2016 at 7:17 AM, Alexander Bokovoy
> >> <abokovoy@xxxxxxxxxx> wrote:  
> >>>
> >>> Heimdal does not support MS-KKDCP spec, so you are left with
> >>> direct Kerberos communication over port 88/tcp or 88/udp, but
> >>> these are enabled in Fedora infrastructure, yes.  
> >>
> >>
> >> I thought direct Kerberos service was going to be disabled, to
> >> prevent attackers sniffing and brute-forcing the encrypted preauth
> >> timestamp?  
> >
> > This is really a question to Fedora Infra people but last time we
> > discussed, RHEL 6-based clients and alike were not getting MS-KKDCP
> > features backported to older MIT Kerberos versions so to support
> > them, direct access is required.  
> 
> Correct. The Fedora Infrastructure team needs to balance the risk of
> MitM offline dictionary attacks with the need for RHEL6 client access.
> 
> IMHO, there should already be a plan to sunset RHEL6 instances. But I
> can't judge this based upon Fedora's internal needs.

Right, RHEL6 is still a supported client for us, so we are currently
providing access so they can work. 

As soon as something happens to let us drop that direct access we
likely will do so. ;) 

kevin

Attachment: pgpPtiOFNi2_2.pgp
Description: OpenPGP digital signature

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux