On 7/14/2017 5:45 AM, Toby Blake wrote:
> Hi,
>
> The Orpheus' Lyre vulnerability has thrown up a few questions with respect
> to AFS clients on Windows. Apologies if these are a little vague, but
> this seems like the right place to ask them.
>
> We have been using the Windows OpenAFS clients, as kindly provided by
> Auristor/YFS. My understanding is that this comes bundled with Heimdal
> Kerberos. Is this client vulnerable and requiring an update?

The Heimdal Kerberos bundled with the OpenAFS 1.7.3301 client, as with all versions of Heimdal Kerberos prior to version 7.4, includes the Orpheus' Lyre (CVE-2017-11103) bug. The OpenAFS client does not require an update but Heimdal does.

Heimdal 7.4 installers for Windows are available from

  https://www.secure-endpoints.com/heimdal/#download

Heimdal Kerberos releases are produced by staff from AuriStor, Inc. and Two Sigma Investments. Secure Endpoints, Inc. continues to package and distribute the Windows release.

> Prior to using this client, we used the one provided on openafs.org,
> along with (a separate) Heimdal Kerberos from secure-endpoints. On
> earlier versions of Windows, I think we used MIT Kerberos.
>
> Which I suppose brings me to my wider question: what AFS clients are
> others using on Windows?

I am unaware of any AFS client for Microsoft Windows 10 that is available from anywhere other than AuriStor, Inc.

Jeffrey Altman
AuriStor, Inc.
