Is anybody planning to update the base system heimdal, which has been
largely untouched since May 2008? In addition to the many other
bug-fixes and improvements in the current version 1.3.3 (see, for
example:
http://www.h5l.org/releases.html
), there are patches for heimdal vulnerabilities 2010-05-27 and
2010-03-21 (CVE-2010-1321), which are described at:
http://www.h5l.org/advisories.html
Others have mentioned that they have problems using our base system
heimdal -- problems that cannot be easily circumvented by rebuilding
WITHOUT_KERBEROS, and using security/krb5 (security/heimdal is badly
outdated), because this leaves various dependent base system utilities
behind, if they are not modified.
Regards,
b.
<<On Sun, 6 Jun 2010 16:41:59 +0000, "b. f." <bf1783@googlemail.com> said:> Is anybody planning to update the base system heimdal, which has been > largely untouched since May 2008?I would love for it to go away entirely, and those base-system components that depend on it to learn how to use either Kerberos implementation from ports. (I'd also love for the ancient and broken base version of libcom_err to go away -- there's no knob to turn it off, and the shared library conflicts with ports/krb5.) (And yes, this is a bit of an irony considering that I used to be the maintainer of the base-system Kerberos code in the long-ago krb4 days. But my job requires me to administer MIT Kerberos, so I need the MIT kadmin utility and not the Heimdal one.) -GAWollman