debian-edu-config (2.11.11) unstable; urgency=high

  The Kerberos kadm ACLs in /etc/krb5kdc/kadm5.acl contained an insecure
  setting allowing all authenticated users in the network to change the
  credentials of everyone else, thus impersonating other users and gaining
  their privileges.

  If you never changed these ACLs, the package update fixes the issue
  automatically. If you did, please double-check that no unexpected
  principal has the c ACL (lower-case!) set.

 -- Dominik George  Mon, 16 Dec 2019 16:29:19 +0100
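
One way to carry out the double-check described above, as an added example that is not part of the package or of the original notice. The function names, the sample ACL lines and the EXAMPLE.ORG realm are constructed for illustration; the script also reports the `x` and `*` permission shorthands, which in MIT Kerberos include `c`.

```shell
#!/bin/sh
# Added example: list kadm5.acl entries that grant change-password ("c").
# Entry format: principal  permissions  [target_principal  [restrictions]]
# Upper-case letters deny a permission, so only lower-case c is a grant.

# Print "<wildcard|named> principal permissions target" for each granting entry.
list_c_grants() {
    awk '
        /^[[:space:]]*#/ || NF < 2 { next }        # skip comments and blank lines
        $2 ~ /[cx*]/ {                             # c itself, or x / * which include c
            flag = (index($1, "*") > 0) ? "wildcard" : "named"
            target = (NF >= 3) ? $3 : "*"          # no target field: applies to everyone
            print flag, $1, $2, target
        }
    ' "$1"
}

# Write a constructed sample ACL file (not the file shipped by the package).
write_sample_acl() {
    cat > "$1" <<'EOF'
# constructed sample entries
*/admin@EXAMPLE.ORG    *
*@EXAMPLE.ORG          cil
alice@EXAMPLE.ORG      iC
helpdesk@EXAMPLE.ORG   c      *@EXAMPLE.ORG
bob@EXAMPLE.ORG        li
EOF
}

# Demo on the constructed sample. On a KDC, run instead:
#   list_c_grants /etc/krb5kdc/kadm5.acl
sample=$(mktemp) && write_sample_acl "$sample" && list_c_grants "$sample"
rm -f "$sample"
```

Every `wildcard` line in the output is an entry that lets a whole class of principals change passwords and should be one you put there deliberately.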