>>>>> "john" == John Hascall <[EMAIL PROTECTED]> writes:
>> Only configurations which enable the explicit mapping or rules-based
>> mapping functionality of krb5_aname_to_localname() are vulnerable.
>> These configurations are not the default.
john> Ok, how do we know if we have enabled either of these?
john> Is it a krb5.conf setting or ...?
I think the vulnerable configurations have entries of the form
auth_to_local_names = {
aname = lname
}
(explicit mapping) or
auth_to_local = RULE:foo
(rule-based mapping) inside a realm subsection in krb5.conf.
---Tom
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
