User-Visible kadmin-remctl Changes
+kadmin-remctl 3.4 (unreleased)
+
+ Set the disallow-svr flag on all newly-created principals. This
+ prohibits obtaining service tickets for the principal, which provides
+ some hardening against brute force attacks. Since the create command
+ is designed for creation of user principals, not service principals,
+ and use of service tickets for user principals is quite obscure and
+ rare in Kerberos, this seems like a better default.
+
kadmin-remctl 3.3 (2013-03-25)
In the Heimdal version of kadmin-backend, retry the kadmin connection
check_password ($password);
kadmin_config ($instance) or return;
$principal = "$principal/$instance" if $instance;
- my $command = 'add_principal +requires_preauth';
+ my $command = 'add_principal +requires_preauth -allow_svr';
if ($CONFIG{$instance}{policy}) {
$command .= " -policy $CONFIG{$instance}{policy}";
} else {
# We'd like to use the default attributes, but that unfortunately doesn't
# seem to work to try loading them before the principal is actually
# created. Instead, load a default here.
- my $attrs = KRB5_KDB_REQUIRES_PRE_AUTH;
+ my $attrs = KRB5_KDB_REQUIRES_PRE_AUTH | KRB5_KDB_DISALLOW_SVR;
if ($status ne 'enabled') {
$attrs |= KRB5_KDB_DISALLOW_ALL_TIX;
}