2003-03-17: Security advisory regarding v4 cross-realm

All versions of the KDC are vulnerable to a protocol bug in Kerberos v4 cross-realm operation.

Version 0.5.2 has a new option to disable v4 cross-realm (while still supporting local-realm v4 and cross-realm v5).

If you are running a version older than 0.5.2 AND have Kerberos 4 support enabled in the KDC, you should remove all the cross-realm keys in your database until you have time to upgrade.

See also the MIT advisory and CAN-2003-0138.
