PATCH: Kerberos password authentication w/o KDC verification
Dug Song
dugsong at monkey.org
Tue Dec 18 07:24:29 EST 2001
On Mon, Dec 17, 2001 at 11:56:34AM -0800, Booker C. Bense wrote:
> - You need to make it very clear that you are opening your box
> wide open for the sake of convience. There was a security advisory
> posted last year about exactly why this is a bad idea. I can't
> seem to find the reference at the moment.
http://www.monkey.org/~dugsong/kdcspoof.tar.gz
-d.
---
http://www.monkey.org/~dugsong/
More information about the openssh-unix-dev
mailing list