2002-09-11: Security advisory regarding kf/kfd

Kf and kfd are used to forward credentials in a stand-alone fashion. Work on them never really finished, and in releases earlier than Heimdal 0.5 they had multiple security issues, including possible buffer overruns. Their use has never been recommended.

If you are using kfd from earlier releases, we recommend that you stop doing so until you have time to upgrade to 0.5. If you are unsure what version you have installed, you can run kfd --version:

# /usr/heimdal/libexec/kfd --version
kfd (Heimdal 0.5, KTH-KRB 1.2)
Copyright (c) 1999-2002 Kungliga Tekniska Högskolan
Send bug-reports to heimdal-bugs@pdc.kth.se

Valid XHTML 1.0!