Guido Günther <[EMAIL PROTECTED]> writes: > On Thu, May 15, 2008 at 03:33:41PM +1000, Brian May wrote:
>> Apparently, Heimdal in Debian also is affected. I am not aware of any >> solution other then to manually regenerate all keys. > Could you give some details here? Password based principals aren't > affected? Password-based principals are not affected. No randomness is used in generating those keys; the secure material is the password itself, which is run through a hash algorithm. Only randomly generated keys (generally the keys you put into keytabs, but also randomized user principals if you have any) are affected. > For those using a keytabs "ktutil -k <keytab> change; ktutil -k purge > --age=<short>" is sufficient? That looks right to me, although take that with a grain of salt since I use MIT personally and am not that familiar with the Heimdal ktutil command syntax. -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
