LinuxSecurity.com: A vulnerability was discovered and corrected in krb5:The merge_authdata function in kdc_authdata.c in the Key DistributionCenter (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 doesnot properly manage an index into an authorization-data list, which[More...]
KRB524_CONVERT_CREDS_KDC(3) BSD Library Functions Manual KRB524_CONVERT_CREDS_KDC(3)NAME
krb524_convert_creds_kdc, krb524_convert_creds_kdc_ccache -- converts Kerberos 5 credentials to Kerberos 4 credentials
LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
SYNOPSIS
#include <krb5.h>
krb5_error_code
krb524_convert_creds_kdc(krb5_context context, krb5_creds *in_cred, struct credentials *v4creds);
krb5_error_code
krb524_convert_creds_kdc_ccache(krb5_context context, krb5_ccache ccache, krb5_creds *in_cred, struct credentials *v4creds);
DESCRIPTION
Convert the Kerberos 5 credential to Kerberos 4 credential. This is done by sending them to the 524 service in the KDC.
krb524_convert_creds_kdc() converts the Kerberos 5 credential in in_cred to Kerberos 4 credential that is stored in credentials.
krb524_convert_creds_kdc_ccache() is different from krb524_convert_creds_kdc() in that way that if in_cred doesn't contain a DES session key,
then a new one is fetched from the KDC and stored in the cred cache ccache, and then the KDC is queried to convert the credential.
This interfaces are used to make the migration to Kerberos 5 from Kerberos 4 easier. There are few services that still need Kerberos 4, and
this is mainly for compatibility for those services. Some services, like AFS, really have Kerberos 5 supports, but still uses the 524 inter-
face to make the migration easier.
SEE ALSO krb5(3), krb5.conf(5)HEIMDAL March 20, 2004 HEIMDAL