krb5-pkinit - The PKINIT module for Kerberos 5

Website: http://web.mit.edu/kerberos/www/
License: MIT
Vendor: Fedora Project

Kerberos is a network authentication system. The krb5-pkinit
package contains the PKINIT plugin, which allows clients
to obtain initial credentials from a KDC using a private key and a


krb5-pkinit-1.13.1-3.fc22.s390x [147 KiB] Changelog by Roland Mainz (2015-05-04):
- fix for CVE-2015-2694 (#1216133) "requires_preauth bypass
  in PKINIT-enabled KDC".
  In MIT krb5 1.12 and later, when the KDC is configured with
  PKINIT support, an unauthenticated remote attacker can
  bypass the requires_preauth flag on a client principal and
  obtain a ciphertext encrypted in the principal's long-term
  key.  This ciphertext could be used to conduct an off-line
  dictionary attack against the user's password.

