> >> The attached patch completely removes krb4 support.
>
> > As long as people are still using it, I see no reason. Just the
> > other day someone reported that he was trying to get it to work in
> > his environment.
There are kits running around for krb4, I hope their DB isn't publicly
available.
> I was feeling itchy about that too. How about just adding some
> disclaimers to the docs that Kerberos 4 has known security flaws?
>
> I wouldn't mind pulling it from 7.5, if the 7.4 docs say we are
> going to and no one complains.
If you'd like, I can submit a quick patch to raise a warning if the
auth type is krb4 as a depreciation notice and something for the docs.
Sorry if this came out of the blue, the topic came up yesterday at
lunch so I submitted something to take care of the prob. At this
point in time, there is no reason for anyone to be using krb4. -sc
--
Sean Chittenden
