Discussion:
How do you find out what version of kerberos you have installed.
Rich
2003-01-31 10:54:07 UTC
Hi,

Hopefully someone on here can help me out, I have recently seen the
security alert for Kerberos 1.2.4 and below, and I would like to check
to see what version we have installed at our site. However I cannot
see how to do this! I have had a look on the FAQ and on google/groups
and I cannot find any pointers on how to do this. Does anyone on here
know how I can check that our compiled/installed version isn't
vulnerable.

Any help that can be provided would be much appreciated.

Rich Cardwell.
Tom Yu
2003-02-04 22:14:08 UTC
Rich> Hopefully someone on here can help me out, I have recently seen the
Rich> security alert for Kerberos 1.2.4 and below, and I would like to check
Rich> to see what version we have installed at our site.

It is not easy to determine the version for current releases of MIT
krb5. We probably will add a command line option to some of the
clients to print a library version string. For now, you may do:

strings libkrb5.so | grep BRAND

using the appropriate pathname for your installed krb5 library.

---Tom
Morrison, Wayne
2003-02-04 22:35:39 UTC
OpenVMS Kerberos has a DCL command line interface in addition to the UNIX-style client
command lines. We added a version switch to the Kerberos DCL command for just this
reason. Here's what it outputs:

$ KERBEROS/VERSION
Kerberos for OpenVMS Version T2.0
(Based on MIT KRB5 Version 1.2.6)

For Kerberos vendors, having both the MIT version and the vendor version is important,
and we'd want to add the vendor version even if the client programs could output the
MIT version that they're based on in the future.

It seems like overkill to have all the various clients output a version string.
Having one centralized place to determine version seems like a cleaner way to
handle this issue. If I had to choose, I'd say klist is probably the best place
in the MIT code to output the version.

Wayne Morrison
Project Leader,
Kerberos for OpenVMS

Ken Raeburn
2003-02-06 14:27:21 UTC
Rich> Hopefully someone on here can help me out, I have recently seen the
Rich> security alert for Kerberos 1.2.4 and below, and I would like to check
Rich> to see what version we have installed at our site. However I cannot
Rich> see how to do this! I have had a look on the FAQ and on google/groups
Rich> and I cannot find any pointers on how to do this. Does anyone on here
Rich> know how I can check that our compiled/installed version isn't
Rich> vulnerable.

If you've got a recent enough version of the MIT code, on a UNIX box,
run "krb5-config --version".

If that doesn't work, you don't have a recent enough version. :-)

Ken
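
The two lookups suggested in this thread (`krb5-config --version`, then `strings ... | grep BRAND` on the library), combined with a comparison against the 1.2.4 threshold from the original question. This is an added example, not code from any poster or from MIT krb5; the function names, the output words and the first-dotted-number parsing are assumptions, since the thread does not show what either command prints.

```shell
#!/bin/sh
# Added example (not from the thread). THRESHOLD is the release named in
# the original question: "Kerberos 1.2.4 and below".
THRESHOLD=1.2.4

# First dotted number on the line, e.g. 1.2.6. The thread does not show what
# the BRAND string looks like, so no fixed layout is assumed.
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+(\.[0-9]+)+' | head -n 1
}

# Succeeds when version $1 <= version $2, comparing field by field as
# numbers so that 1.10 sorts after 1.2; missing fields count as 0.
version_le() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Print "<version> at-or-below", "<version> above", or "unknown".
classify() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"
    elif version_le "$v" "$THRESHOLD"; then
        echo "$v at-or-below"
    else
        echo "$v above"
    fi
}

# Try krb5-config first; fall back to the BRAND string in the library at $1.
detect() {
    if out=$(krb5-config --version 2>/dev/null) && [ -n "$out" ]; then
        classify "$out"
    elif [ -n "${1:-}" ] && [ -r "$1" ]; then
        classify "$(strings "$1" | grep BRAND | head -n 1)"
    else
        echo "unknown"
    fi
}

detect "${1:-}"
```

A vendor build can report its own version next to the MIT base, as in the OpenVMS output above, so feed `classify` the line that names the MIT release.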
