krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin

Property Value
Distribution Debian 8 (Jessie)
Repository Debian Main amd64
Package name krb5-kdc-ldap
Package version 1.12.1+dfsg
Package release 19+deb8u4
Package architecture amd64
Package type deb
Installed size 259 B
Download size 109.19 KB
Official Mirror
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service.  That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
This is the MIT reference implementation of Kerberos V5.
This package contains the LDAP plugin for the Kerberos key server (KDC)
and supporting utilities.  This plugin allows the KDC data to be stored
in an LDAP server rather than the default local database.  It should be
installed on both master and slave KDCs that use LDAP as a storage


Package Version Architecture Repository
krb5-kdc-ldap_1.12.1+dfsg-19+deb8u4_i386.deb 1.12.1+dfsg i386 Debian Main
krb5-kdc-ldap - - -


Name Value
krb5-kdc = 1.12.1+dfsg-19+deb8u4
libc6 >= 2.14
libcomerr2 >= 1.01
libgssapi-krb5-2 >= 1.6.dfsg.2
libgssrpc4 >= 1.6.dfsg.2
libk5crypto3 >= 1.7+dfsg
libkadm5srv-mit9 >= 1.12~alpha1+dfsg
libkdb5-7 -
libkeyutils1 >= 1.4
libkrb5-3 >= 1.6.dfsg.2
libkrb5support0 >= 1.12~alpha1+dfsg
libldap-2.4-2 >= 2.4.7


Type URL
Binary Package krb5-kdc-ldap_1.12.1+dfsg-19+deb8u4_amd64.deb
Source Package krb5

Install Howto

  1. Update the package index:
    # sudo apt-get update
  2. Install krb5-kdc-ldap deb package:
    # sudo apt-get install krb5-kdc-ldap




2017-08-28 - Sam Hartman <>
krb5 (1.12.1+dfsg-19+deb8u4) jessie; urgency=medium
* New version number; same code as deb8u3 but rebuilt to build arch all
packages and because dgit doesn't deal well with reusing a version
number when a package is rejected
2017-08-13 - Sam Hartman <>
krb5 (1.12.1+dfsg-19+deb8u3) jessie; urgency=high
* CVE-2017-11368: Remote authenticated attackers can crash the KDC,
Closes: #869260
*  fix for CVE-2016-3120 (kdc crash on restrict_anon_to_tgt), Closes:
* fix for CVE-2016-3119: remote DOS with ldap for authenticated
attackers, Closes: #819468
* Prevent requires_preauth bypass (CVE-2015-2694), Closes: #783557
2016-01-31 - Salvatore Bonaccorso <>
krb5 (1.12.1+dfsg-19+deb8u2) jessie-security; urgency=high
* Non-maintainer upload by the Security Team.
* Verify decoded kadmin C strings [CVE-2015-8629]
CVE-2015-8629: An authenticated attacker can cause kadmind to read
beyond the end of allocated memory by sending a string without a
terminating zero byte. Information leakage may be possible for an
attacker with permission to modify the database. (Closes: #813296)
* Check for null kadm5 policy name [CVE-2015-8630]
CVE-2015-8630: An authenticated attacker with permission to modify a
principal entry can cause kadmind to dereference a null pointer by
supplying a null policy value but including KADM5_POLICY in the mask.
(Closes: #813127)
* Fix leaks in kadmin server stubs [CVE-2015-8631]
CVE-2015-8631: An authenticated attacker can cause kadmind to leak
memory by supplying a null principal name in a request which uses one.
Repeating these requests will eventually cause kadmind to exhaust all
available memory. (Closes: #813126)
2015-11-04 - Benjamin Kaduk <>
krb5 (1.12.1+dfsg-19+deb8u1) jessie-security; urgency=high
* Import upstream patches for four CVEs:
- CVE-2015-2695: SPNEGO context aliasing during establishment,
Closes: #803083
- CVE-2015-2696: IAKERB context aliasing during establishment,
Closes: #803084
- CVE-2015-2697: unsafe string handling in TGS processing,
Closes: #803088
- CVE-2015-2698: regression (memory corruption) in patch for CVE-2015-2696
* In addition to CVE-2015-2698, the upstream patches for CVE-2015-2695
and CVE-2015-2696 introduced regressions preventing the use of
gss_import_sec_context() with contexts established using IAKERB
or SPNEGO; the fixes for those regressions are included here.
2015-03-20 - Sam Hartman <>
krb5 (1.12.1+dfsg-19) unstable; urgency=medium
* mark systemd unit directories as optional, Closes: #780831
2015-02-18 - Benjamin Kaduk <>
krb5 (1.12.1+dfsg-18) unstable; urgency=high
* Import upstream patch for CVE-2014-5355, Closes: #778647
2015-02-03 - Sam Hartman <>
krb5 (1.12.1+dfsg-17) unstable; urgency=high
* MITKRB5-SA-2015-001
- CVE-2014-5352: gss_process_context_token() incorrectly frees context
- CVE-2014-9421: kadmind doubly frees partial deserialization results
- CVE-2014-9422: kadmind incorrectly validates server principal name  
- CVE-2014-9423: libgssrpc server applications leak uninitialized bytes
2014-12-15 - Benjamin Kaduk <>
krb5 (1.12.1+dfsg-16) unstable; urgency=medium
* Import upstream patches for CVE-2014-5353 and CVE-2014-5354,
Closes: #773226, Closes: #773228
2014-11-21 - Benjamin Kaduk <>
krb5 (1.12.1+dfsg-15) unstable; urgency=medium
* Also apply slapd-before-kdc.conf to krb5-admin-server.service.d,
Closes: #769710
2014-11-07 - Benjamin Kaduk <>
krb5 (1.12.1+dfsg-14) unstable; urgency=medium
* The upstream patch in 1.12.1+dfsg-13 was incomplete; pull in
another upstream patch upon which it depended, to fix the
kfreebsd build, Closes: #768379

See Also

Package Description
krb5-kdc_1.12.1+dfsg-19+deb8u4_amd64.deb MIT Kerberos key server (KDC)
krb5-locales_1.12.1+dfsg-19+deb8u4_all.deb Internationalization support for MIT Kerberos
krb5-multidev_1.12.1+dfsg-19+deb8u4_amd64.deb Development files for MIT Kerberos without Heimdal conflict
krb5-otp_1.12.1+dfsg-19+deb8u4_amd64.deb OTP plugin for MIT Kerberos
krb5-pkinit_1.12.1+dfsg-19+deb8u4_amd64.deb PKINIT plugin for MIT Kerberos
krb5-strength_3.0-1_amd64.deb Password strength checking for Kerberos KDCs
krb5-sync-plugin_3.0-4_amd64.deb MIT Kerberos Active Directory synchronization plugin
krb5-sync-tools_3.0-4_amd64.deb Kerberos Active Directory synchronization tools
krb5-user_1.12.1+dfsg-19+deb8u4_amd64.deb Basic programs to authenticate using MIT Kerberos
krdc_4.14.1-1_amd64.deb Remote Desktop Connection client
krecipes-data_2.0~beta2-3_all.deb recipes manager for KDE - data files
krecipes-doc_2.0~beta2-3_all.deb recipes manager for KDE - documentation
krecipes_2.0~beta2-3_amd64.deb recipes manager for KDE
kredentials_2.0~pre3-1.1_amd64.deb KDE taskbar applet to update kerberos/AFS credentials
kremotecontrol_4.14.2-1_amd64.deb frontend for using remote controls