diff options
Diffstat (limited to 'README')
| -rw-r--r-- | README | 957 |
1 files changed, 749 insertions, 208 deletions
@@ -1,43 +1,26 @@ -these were the - Kerberos Version 5, Release 1.2 + Kerberos Version 5, Release 1.3.3 Release Notes -which are be updated for the next release by The MIT Kerberos Team Unpacking the Source Distribution --------------------------------- -The source distribution of Kerberos 5 comes in three gzipped tarfiles, -krb5-1.2.src.tar.gz, krb5-1.2.doc.tar.gz, and krb5-1.2.crypto.tar.gz. -The krb5-1.2.doc.tar.gz contains the doc/ directory and this README -file. The krb5-1.2.src.tar.gz contains the src/ directory and this -README file, except for the crypto library sources, which are in -krb5-1.2.crypto.tar.gz. - -Instruction on how to extract the entire distribution follow. These -directions assume that you want to extract into a directory called -DIST. +The source distribution of Kerberos 5 comes in a gzipped tarfile, +krb5-1.3.3.tar.gz. Instructions on how to extract the entire +distribution follow. If you have the GNU tar program and gzip installed, you can simply do: - mkdir DIST - cd DIST - gtar zxpf krb5-1.2.src.tar.gz - gtar zxpf krb5-1.2.crypto.tar.gz - gtar zxpf krb5-1.2.doc.tar.gz + gtar zxpf krb5-1.3.3.tar.gz If you don't have GNU tar, you will need to get the FSF gzip distribution and use gzcat: - mkdir DIST - cd DIST - gzcat krb5-1.2.src.tar.gz | tar xpf - - gzcat krb5-1.2.crypto.tar.gz | tar xpf - - gzcat krb5-1.2.doc.tar.gz | tar xpf - + gzcat krb5-1.3.3.tar.gz | tar xpf - -Both of these methods will extract the sources into DIST/krb5-1.2/src -and the documentation into DIST/krb5-1.2/doc. +Both of these methods will extract the sources into krb5-1.3.3/src and +the documentation into krb5-1.3.3/doc. Building and Installing Kerberos 5 ---------------------------------- @@ -70,8 +53,272 @@ If you are not able to use krb5-send-pr because you haven't been able compile and install Kerberos V5 on any platform, you may send mail to krb5-bugs@mit.edu. +You may view bug reports by visiting + +http://krbdev.mit.edu/rt/ + +and logging in as "guest" with password "guest". + +Major changes in 1.3.3 +---------------------- + +* [2284] Fixed accept_sec_context to use a replay cache in the + GSS_C_NO_CREDENTIAL case. Reported by Cesar Garcia. + +* [2426] Fixed a spurious SIGPIPE that happened in the TCP sendto_kdc + code on AIX. Thanks to Bill Dodd. + +* [2430] Fixed a crash in the MSLSA ccache. + +* [2453] The AES string-to-key function no longer returns a pointer to + stack memory when given a password longer than 64 characters. + +Minor changes in 1.3.3 +---------------------- + +* [2277] In sendto_kdc, a socket leak on connection failure was fixed. + Thanks to Bill Dodd. + +* [2384] A memory leak in the TCP handling code in the KDC has been + fixed. Thanks to Will Fiveash. + +* [2521] The Windows NSIS installer scripts are in the source tree. + +* [2522] The MSLSA ccache now supports Windows 9x. + +Major changes in 1.3.2 +---------------------- + +* [2040, 1471, 2067, 2077, 2079, 2166, 2167, 2220, 2266] Support for + AES in GSSAPI has been implemented. This corresponds to the + in-progress work in the IETF (CFX). + +* [2049, 2139, 2148, 2153, 2182, 2183, 2184, 2190, 2202] Added a new + ccache type "MSLSA:" for read-only access to the MS Windows LSA + cache. + +* [982] On windows, krb5.exe now has a checkbox to request addressless + tickets. + +* [2189, 2234] To avoid compatibility problems, unrecognized TGS + options will now be ignored. Thanks to Wyllys Ingersoll for finding + a problem with a previous fix. + +* [2218] 128-bit AES has been added to the default enctypes. + +* [2223, 2229] AES cryptosystem now chains IVs. This WILL break + backwards compatibility for the kcmd applications, if they are using + AES session keys. Thanks to Wyllys Ingersoll for finding a problem + with a previous fix. + +Minor changes in 1.3.2 +---------------------- + +* [1437] Applied patch from Stephen Grau so kinit returns non-zero + status under certain failure conditions where it had previously + returned zero. + +* [1586] On Windows, the krb4 CREDENTIALS structure has been changed + to align with KfW's version of the structure. + +* [1613] Applied patch from Dave Shrimpton to avoid truncation of + dates output from the kadmin CLI when long time zone names are + used. + +* [1622] krshd no longer calls syslog from inside a signal handler, in + an effort to avoid deadlocks on exit. + +* [1649] A com_err test program compiles properly on Darwin now. + +* [1692] A new configuration file tag "master_kdc" has been added to + allow master KDCs to be designated separately from admin servers. + +* [1702] krb5_get_host_realm() and krb5_free_host_realm() are no + longer marked as KRB5_PRIVATE. + +* [1711] Applied patch from Harry McGavran Jr to allow fake-addrinfo.h + to compile on libc5 Linux platforms. + +* [1712] Applied patch from Cesar Garcia to fix lifetime computation + in krb524 ticket conversion. + +* [1714] Fixed a 64-bit endianness bug in ticket starttime encoding in + krb524d. Found by Cesar Garcia. + +* [1715] kadmind4 and v5passwdd are no longer installed on Mac OS X. + +* [1718] The krb4 library configure script now recognizes + OpenDarwin/x86. Bug found by Rob Braun. + +* [1721] krb5_get_init_creds_password() no longer returns a spurious + KRB5_REALM_UNKNOWN if DNS SRV record support is turned off. + +* [1730] krb_mk_auth() no longer overzealously clears the key + schedule. + +* [1731] A double-free related to reading forwarded credentials has + been fixed. Found by Joseph Galbraith. + +* [1770] Applied patch from Maurice Massar to fix a foreachaddr() + problem that was causing the KDC to segfault on startup. + +* [1790] The Linux build uses $(CC) to create shared libraries, + avoiding a libgcc problem when building libdb. + +* [1792] The lib/kadm5 unit tests now work around a Solaris 9 + pty-close bug. + +* [1793] The test suite works around some Tru64 and Irix RPATH + issues, which previously could prevent tests from running on a build + with shared libraries enabled. + +* [1799] kadmind supports callouts to the Apple password server. + +* [1893] KRB-SAFE messages from older releases can now be read + successfully. Prior 1.3.x releases did not save the encoded + KRB-SAFE message, and experienced problems when re-encoding. Found + by Scooter Morris. + +* [1962] MS LSA tickets with short remaining lifetimes will be + rejected in favor of retrieving tickets bypassing the LSA cache. + +* [1973] sendto_kdc.c now closes sockets with closesocket() instead of + close(), avoiding a descriptor leak on Windows. + +* [1979] An erroneously short initial sequence number mask has been + fixed. + +* [2028] KfW now displays a kinit dialog when GSS fails to find + tickets. + +* [2051] Missing exports have been added to krb4_32.def on Windows. + +* [2058] Some problems with krb4 ticket lifetime backdating have + fixed. + +* [2060] GSSAPI's idea of the default ccache is less sticky now. + +* [2068] The profile library includes prof-int.h before conditionals + that rely on it. + +* [2084] The resolver library is no longer referenced by library code + if not building with DNS SRV record support. + +* [2085] Updated Windows README file to reflect current compilation + requirements, etc. + +* [2104] On Windows, only define strcasecmp and strncasecmp + replacement macros if said functions are missing. + +* [2106] Return an error for unimplemented ccache functions, rather + than calling through a null pointer. + +* [2118] Applied patch from Will Fiveash to use correct parameter for + KDC TCP listening sockets. + +* [2144,2230] Memory management errors in the Windows gss.exe test + client have been fixed. + +* [2171] krb5_locate_kpasswd() now correctly calls htons() on the + kpasswd port number. Found by Arlene Berry. + +* [2180] The profile library now includes pthread.h when compiled with + USE_PTHREADS. + +* [2181, 2224] A timeout has been added to gss-server, and a missing + parameter to sign_server() has been added. + +* [2196] config.{guess,sub} have been updated from autoconf-2.59. + +* [2204] Windows gss.exe now has support for specifying credentials + cache, as well as some minor bugfixes. + +* [2210] GSSAPI accept_sec_context() no longer unconditionally sets + INTEG and CONF flags in contradiction to what the initiator sent. + +* [2212] The GSS sample application has some additional options to + support testing of SSPI vs GSSAPI. + +* [2217] Windows gss.exe has new UI elements to support more flag + settings. + +* [2225] In the gss sample client, some extraneous parameters have + been removed from client_establish_context(). + +* [2228] Copyright notices updated in GSS sample apps. + +* [2233] On Windows compiles with KRB5_KFW_COMPILE, the lib path for + krbcc32.lib is now correct. + +* [2195, 2236, 2241, 2245] The Solaris 9 pty-close bug, which was + affecting the test suite, has been worked around by hacking + scheduler priorities. See the installation notes for details. + Thanks to Bill Sommerfeld for some useful hints. + +* [2258] An incorrect memcpy() statement in fakeka has been fixed. + Reported by David Thompson. + +Notes, Major Changes, and Known Bugs for 1.3.1 +---------------------------------------------- + +* [1681] The incorrect encoding of the ETYPE-INFO2 preauthentication + hint is no longer emitted, and the both the incorrect and the + correct encodings of ETYPE-INFO2 are now accepted. We STRONGLY + encourage deploying krb5-1.3.1 in preference to 1.3, especially on + client installations, as the 1.3 release did not conform to the + internet-draft for the revised Kerberos protocol in its encoding of + ETYPE-INFO2. + +* [1683] The non-caching getaddrinfo() API on Mac OS X, which was + causing significant slowdowns under some circumstances, has been + worked around. + +Minor changes in 1.3.1 +---------------------- + +* [1015] gss_accept_sec_context() now passes correct arguments to + TREAD_STR() when reading options beyond the forwarded credential + option. Thanks to Emily Ratliff. + +* [1365] The GSSAPI initiator credentials are no longer cached inside + the GSSAPI library. + +* [1651] A buffer overflow in krb_get_admhst() has been fixed. + +* [1655] krb5_get_permitted_enctypes() and krb5_set_real_time() are + now exported for use by Samba. + +* [1656] gss_init_sec_context() no longer leaks credentials under some + error conditions. + +* [1657] krb_get_lrealm() no longer returns "ATHENA.MIT.EDU" + inappropriately. + +* [1664] The crypto library no longer has bogus dependencies on + com_err. + +* [1665] krb5_init_context() no longer multiply registers error tables + when called more than once, preventing a memory leak. + +* [1666] The GSS_C_NT_* symbols are now exported from gssapi32.dll on + Windows. + +* [1667] ms2mit now imports any tickets with supported enctypes, and + does not import invalid tickets. + +* [1677] krb5_gss_register_acceptor_identity() no longer has an + off-by-one in its memory allocation. + +* [1679] krb5_principal2salt is now exported on all platforms. + +* [1684] The file credentials cache is now supported if USE_CCAPI is + defined, i.e., for KfM and KfW. + +* [1691] Documentation for the obsolete kdc_supported_enctypes config + variable has been removed. + Notes, Major Changes, and Known Bugs for 1.3 ------------------------------------- +-------------------------------------------- * We now install the compile_et program, so other packages can use the installed com_err library with their own error tables. (If you use @@ -83,8 +330,13 @@ Notes, Major Changes, and Known Bugs for 1.3 that will probably frustrate any attempts to run this code under SunOS 4 or other pre-C89 systems. -* Some new code, bug fixes, and cleanup for IPv6 support. [[TODO: - Insert list of (non-)supporting programs and libraries here.]] +* Some new code, bug fixes, and cleanup for IPv6 support. Most of the + code should support IPv6 transparently now. The RPC code (and + therefore the admin system, which is based on it) does not yet + support IPv6. The support for Kerberos 4 may work with IPv6 in very + limited ways, if the address checking is turned off. The FTP client + and server do not have support for the new protocol messages needed + for IPv6 support (RFC 2428). * We have upgraded to autoconf 2.52 (or later), and the syntax for specifying certain configuration options have changed. For example, @@ -96,204 +348,489 @@ Notes, Major Changes, and Known Bugs for 1.3 may be necessary when talking to Microsoft KDCs (domain controllers), if they issue you tickets with lots of PAC data. -* If you have versions of the com_err, ss, or Berkeley DB packages - installed locally, you can use the --with-system-et, - --with-system-ss, and --with-system-db configure options to use them - rather than using the versions supplied here. Note that the - interfaces are assumed to be similar to those we supply; in +* If you have versions of the com_err or ss installed locally, you can + use the --with-system-et and --with-system-ss configure options to + use them rather than using the versions supplied here. Note that + the interfaces are assumed to be similar to those we supply; in particular, some older, divergent versions of the com_err library may not work with the krb5 sources. Many configure-time variables can be used to help the compiler and linker find the installed packages; see the build documentation for details. -Notes, Major Changes, and Known Bugs for 1.2, delete before shipping 1.3 ------------------------------------- - -* Triple DES support, for session keys as well as user or service - keys, should be nearly complete in this release. Much of the work - that has been needed is generic multiple-cryptosystem support, so - the addition of another cryptosystem should be much easier. - - * GSSAPI support for 3DES has been added. An Internet Draft is - being worked on that will describe how this works; it is not - currently standardized. Some backwards-compatibility issues in - this area mean that enabling 3DES support must be done with - caution; service keys that are used for GSSAPI must not be updated - to 3DES until the services themselves are upgraded to support 3DES - under GSSAPI. - -* DNS support for locating KDCs is enabled by default. DNS support - for looking up the realm of a host is compiled in but disabled by - default (due to some concerns with DNS spoofing). - - We recommend that you publish your KDC information through DNS even - if you intend to rely on config files at your own site; otherwise, - sites that wish to communicate with you will have to keep their - config files updated with your information. One of the goals of - this code is to reduce the client-side configuration maintenance - requirements as much as is possible, without compromising security. - - See the administrator's guide for information on setting up DNS - information for your realm. - - One important effect of this for developers is that on many systems, - "-lresolv" must be added to the compiler command line when linking - Kerberos programs. - - Configure-time options are available to control the inclusion of the - DNS code and the setting of the defaults. Entries in krb5.conf will - also modify the behavior if the code has been compiled in. - -* Numerous buffer-overrun problems have been found and fixed. Many of - these were in locations we don't expect can be exploited in any - useful way (for example, overrunning a buffer of MAXPATHLEN bytes if - a compiled-in pathname is too long, in a program that has no special - privileges). It may be possible to exploit a few of these to - compromise system security. - -* Partial support for IPv6 addresses has been added. It can be - enabled or disabled at configure time with --enable-ipv6 or - --disable-ipv6; by default, the configure script will search for - certain types and macros, and enable the IPv6 code if they're found. - The IPv6 support at this time mostly consists of including the - addresses in credentials. - -* A protocol change has been made to the "rcmd" suite (rlogin, rsh, - rcp) to address several security problems described in Kris - Hildrum's paper presented at NDSS 2000. New command-line options - have been added to control the selection of protocol, since the - revised protocol is not compatible with the old one. - -* A security problem in login.krb5 has been fixed. This problem was - only present if the krb4 compatibility code was not compiled in. - -* A security problem with ftpd has been fixed. An error in the in the - yacc grammar permitted potential root access. - -* The client programs kinit, klist and kdestroy have been changed to - incorporate krb4 support. New command-line options control whether - krb4 behavior, krb5 behavior, or both are used. - -* Patches from Frank Cusack for much better hardware preauth support - have been incorporated. - -* Patches from Matt Crawford extend the kadmin ACL syntax so that - restrictions can be imposed on what certain administrators may do to - certain accounts. - -* A KDC on a host with multiple network addresses will now respond to - a client from the address that the client used to contact it. The - means used to implement this will however cause the KDC not to - listen on network addresses configured after the KDC has started. - -Minor changes -------------- - -* New software using com_err should use the {add,remove}_error_table - interface rather than init_XXX_error_table; in fact, the latter - function in the generate C files will now call add_error_table - instead of messing with unprotected global variables. - - Karl Ramm has offered to look into reconciling the various - extensions and changes that have been made in different versions of - the MIT library, and the API used in the Heimdal equivalent. No - timeline is set for this work. - -* Some source files (including some header files we install) now have - annotations for use with the LCLint package from the University of - Virginia. LCLint, as of version 2.5q, is not capable of handling - much of the Kerberos code in its current form, at least not without - significantly restructuring the Kerberos code, but it has been used - in limited cases and has uncovered some bugs. We may try adding - more annotations in the future. - -Minor changes for 1.2, delete this section before shipping 1.3 -------------- - -* The shell code for searching for the Tcl package at configure time - has been modified. If a tclConfig.sh can be found, the information - it contains is used, otherwise the old searching method is tried. - Let us know if this new scheme causes any problems. - -* Shared library builds may work on HPUX, Rhapsody/MacOS X, and newer - Alpha systems now. - -* The Windows build will now include kvno and gss-sample. - -* The routine krb5_secure_config_files has been disabled. A new - routine, krb5_init_secure_context, has been added in its place. - -* The routine decode_krb5_ticket is now being exported as - krb5_decode_ticket. Any programs that used the old name (which - should be few) should be changed to use the new name; we will - probably eliminate the old name in the future. - -* The CCAPI-based credentials cache code has been changed to store the - local-clock time of issue and expiration rather than the KDC-clock - times. - -* On systems with large numbers of IP addresses, "kinit" should do a - better job of acquiring those addresses to put in the user's - credentials. - -* Several memory leaks in error cases in the gssrpc code have been - fixed. +* The AES cryptosystem has been implemented. However, support in the + Kerberos GSSAPI mechanism has not been written (or even fully + specified), so it's not fully enabled. See the documentation for + details. + +Major changes listed by ticket ID +--------------------------------- -* A bug with login clobbering some internal static storage on AIX has +* [492] PRNG breakage on 64-bit platforms no longer an issue due to + new PRNG implementation. + +* [523] Client library is now compatible with the RC4-based + cryptosystem used by Windows 2000. + +* [709] krb4 long lifetime support has been implemented. + +* [880] krb5_gss_register_acceptor_identity() implemented (is called + gsskrb5_register_acceptor_identity() by Heimdal). + +* [1087] ftpd no longer requires channel bindings, allowing easier use + of ftp from behind a NAT. + +* [1156, 1209] It is now possible to use the system com_err to build + this release. + +* [1174] TCP support added to client library. + +* [1175] TCP support added to the KDC, but is disabled by default. + +* [1176] autoconf-2.5x is now required by the build system. + +* [1184] It is now possible to use the system Berkeley/Sleepycat DB + library to build this release. + +* [1189, 1251] The KfM krb4 library source base has been merged. + +* [1190] The default KDC master key type is now triple-DES. KDCs + being updated may need their config files updated if they are not + already specifying the master key type. + +* [1190] The default ticket lifetime and default maximum renewable + ticket lifetime have been extended to one day and one week, + respectively. + +* [1191] A new script, k5srvutil, may be used to manipulate keytabs in + ways similar to the krb4 ksrvutil utility. + +* [1281] The "fakeka" program, which emulates the AFS kaserver, has + been integrated. Thanks to Ken Hornstein. + +* [1343] The KDC now defaults to not answering krb4 requests. + +* [1344] Addressless tickets are requested by default now. + +* [1372] There is no longer a need to create a special keytab for + kadmind. The legacy administration daemons "kadmind4" and + "v5passwdd" will still require a keytab, though. + +* [1377, 1442, 1443] The Microsoft set-password protocol has been + implemented. Thanks to Paul Nelson. + +* [1385, 1395, 1410] The krb4 protocol vulnerabilities + [MITKRB5-SA-2003-004] have been worked around. Note that this will + disable krb4 cross-realm functionality, as well as krb4 triple-DES + functionality. Please see doc/krb4-xrealm.txt for details of the + patch. + +* [1393] The xdrmem integer overflows [MITKRB5-SA-2003-003] have been fixed. -* Per-library initialization and cleanup functions have been added, - for use in configurations that dynamically load and unload these - libraries. +* [1397] The krb5_principal buffer bounds problems + [MITKRB5-SA-2003-005] have been fixed. Thanks to Nalin Dahyabhai. + +* [1415] Subsession key negotiation has been fixed to allow for + server-selected subsession keys in the future. + +* [1418, 1429, 1446, 1484, 1486, 1487, 1535, 1621] The AES + cryptosystem has been implemented. It is not usable for GSSAPI, + though. + +* [1491] The client-side functionality of the krb524 library has been + moved into the krb5 library. + +* [1550] SRV record support exists for Kerberos v4. + +* [1551] The heuristic for locating the Kerberos v4 KDC by prepending + "kerberos." to the realm name if no config file or DNS information + is available has been removed. + +* [1568, 1067] A krb524 stub library is built on Windows. + +Minor changes listed by ticket ID +--------------------------------- + +* [90] default_principal_flags documented. + +* [175] Docs refer to appropriate example domains/IPs now. + +* [299] kadmin no longer complains about missing kdc.conf parameters + when it really means krb5.conf parameters. -* Many compile-time warnings have been fixed. +* [318] Run-time load path for tcl is set now when linking test + programs. -* The GSS sample programs have been updated to exercise more of the - API. +* [443] --includedir honored now. -* The telnet server should produce a more meaningful error message if - authentication is required but not provided. +* [479] unused argument in try_krb4() in login.c deleted. -* Changes have been made to ksu to make it more difficult to use it to - leak information the user does not have access to. +* [590] The des_read_pw_string() function in libdes425 has been + aligned with the original krb4 and CNS APIs. -* The sample config file information for the CYGNUS.COM realm has been - updated, and the GNU.ORG realm has been added. +* [608] login.krb5 handles SIGHUP more sanely now and thus avoids + getting the session into a weird state w.r.t. job control. -* A configure-time option has been added to enable a replay cache in - the KDC. We recommend its use when hardware preauthentication is - being used. It is enabled by default, and can be disabled if - desired with the configure-time option --disable-kdc-replay-cache. +* [620] krb4 encrypted rcp should work a little better now. Thanks to + Greg Hudson. -* Some new routines have been added to the library and krb5.h. +* [647] libtelnet/kerberos5.c no longer uses internal include files. -* A new routine has been added to the prompter interface to allow the - application to determine which of the strings prompted for is the - user's password, in case it is needed for other purposes. +* [673] Weird echoing of admin password in kadmin client worked around + by not using buffered stdio calls to read passwords. -* The remote kadmin interface has been enhanced to support the - specification of key/salt types for a principal. +* [677] The build system has been reworked to allow the user to set + CFLAGS, LDFLAGS, CPPFLAGS, etc. reasonably. -* New keytab entries' key values can now be specified manually with a - new command in the ktutil program. +* [680] Related to [673], rewrite krb5_prompter_posix() to no longer + use longjmp(), thus avoiding some bugs relating to non-restoration + of terminal settings. -* A longstanding bug where certain krb4 exchanges using the - compatibility library between systems with different byte orders - would fail half the time has been fixed. +* [697] login.krb5 no longer zeroes out the terminal window size. -* A source file under the GPL has been replaced with an equivalent - under the BSD license. The file, strftime.c, was part of one of the - OpenVision admin system applications, and was only used on systems - that don't have strftime() in their C libraries. +* [710] decomp_ticket() in libkrb4 now looks up the local realm name + more correctly. Thanks to Booker Bense. -* Many bug reports are still outstanding in our database. We are - continuing to work on this backlog. +* [771] .rconf files are excluded from the release now. +* [772] LOG_AUTHPRIV syslog facility is now usable for logging on + systems that support it. + +* [844] krshd now syslogs using the LOG_AUTH facility. + +* [850] Berekely DB build is better integrated into the krb5 library + build process. + +* [866] lib/krb5/os/localaddr.c and kdc/network.c use a common source + for local address enumeration now. + +* [882] gss-client now correctly deletes the context on error. + +* [919] kdc/network.c problems relating to SIOCGIFCONF have been + fixed. + +* [922] An overflow in the string-to-time conversion routines has been + fixed. + +* [933] krb524d now handles single-DES session keys other than of type + des-cbc-crc. + +* [935] des-cbc-md4 now included in default enctypes. + +* [939] A minor grammatical error has been fixed in a telnet client + error message. + +* [953] des3 no longer failing on Windows due to SHA1 implementation + problems. + +* [964] kdb_init_hist() no longer fails if master_key_enctype is not + in supported_enctypes. + +* [970] A minor inconsistency in ccache.tex has been fixed. + +* [971] option parsing bugs rendered irrelevant by removal of unused + gss mechanism. + +* [976] make install mentioned in build documentation. + +* [986] Related to [677], problems with the ordering of LDFLAGS + initialization rendered irrelevant by use of native autoconf + idioms. + +* [992] Related to [677], quirks with --with-cc no longer relevant as + AC_PROG_CC is used instead now. + +* [999] The kdc_default_options configuration variable is now honored. + Thanks to Emily Ratliff. + +* [1006] Client library, as well as KDC, now perform reasonable + sorting of ETYPE-INFO preauthentication data. + +* [1055] NULL pointer dereferences in code calling + krb5_change_password() have been fixed. + +* [1063] Initial credentials acquisition failures related to client + host having a large number of local network interfaces should be + fixed now. + +* [1064] Incorrect option parsing in the gssapi library is no longer + relevant due to removal of the "v2" mechanism. + +* [1065, 1225] krb5_get_init_creds_password() should properly warn about + password expiration. + +* [1066] printf() argument mismatches in rpc unit tests fixed. + +* [1085] The krb5.conf manpage has been re-synchronized with other + documentation. + +* [1102] gssapi_generic.h should now work with C++. + +* [1135] The kadm5 ACL system is better documented. + +* [1136] Some documentation for the setup of cross-realm + authentication has been added. + +* [1164] krb5_auth_con_gen_addrs() now properly returns errno instead + of -1 if getpeername() fails. + +* [1173] Address-less forwardable tickets will remain address-less + when forwarded. + +* [1178, 1228, 1244, 1246, 1249] Test suite has been stabilized + somewhat. + +* [1188] As part of the modernization of our usage of autoconf, + AC_CONFIG_FILES is now used instead of passing a list of files to + AC_OUTPUT. + +* [1194] configure will no longer recurse out of the top of the source + tree when attempting to locate the top of the source tree. + +* [1192] Documentation for the krb5 afs functionality of krb524d has + been written. + +* [1195] Example krb5.conf file modified to include all enctypes + supported by the release. + +* [1202] The KDC no longer rejects unrecognized flags. + +* [1203] krb5_get_init_creds_keytab() no longer does a double-free. + +* [1211] The ASN.1 code no longer passes (harmless) uninitialized + values around. + +* [1212] libkadm5 now allows for persistent exclusive database locks. + +* [1217] krb5_read_password() and des_read_password() are now + implemented via krb5_prompter_posix(). + +* [1224] For SAM challenges, omitted optional strings are no longer + encoded as zero-length strings. + +* [1226] Client-side support for SAM hardware-based preauth + implemented. + +* [1229] The keytab search logic no longer fails prematurely if an + incorrect encryption type is found. Thanks to Wyllys Ingersoll. + +* [1232] If the master KDC cannot be resolved, but a slave is + reachable, the client library now returns the real error from the + slave rather than the resolution failure from the master. Thanks to + Ben Cox. + +* [1234] Assigned numbers for SAM preauth have been corrected. + sam-pk-for-sad implementation has been aligned. + +* [1237] Profile-sharing optimizations from KfM have been merged. + +* [1240] Windows calling conventions for krb5int_c_combine_keys() have + been aligned. + +* [1242] Build system incompatibilities with Debian's chimeric + autoconf installation have been worked around. + +* [1256] Incorrect sizes passed to memset() in combine_keys() + operations have been corrected. + +* [1260] Client credential lookup now gets new service tickets in + preference to attempting to use expired ticketes. Thanks to Ben + Cox. + +* [1262, 1572] Sequence numbers are now unsigned; negative sequence + numbers will be accepted for the purposes of backwards + compatibility. + +* [1263] A heuristic for matching the incorrectly encoded sequence + numbers emitted by Heimdal implementations has been written. + +* [1284] kshd accepts connections by IPv6 now. + +* [1292] kvno manpage title fixed. + +* [1293] Source files no longer explicitly attempt to declare errno. + +* [1304] kadmind4 no longer leaves sa_flags uninitialized. + +* [1305] Expired tickets now cause KfM to pop up a password dialog. + +* [1309] krb5_send_tgs() no longer leaks the storage associated with + the TGS-REQ. + +* [1310] kadm5_get_either() no longer leaks regexp library memory. + +* [1311] Output from krb5-config no longer contains spurious uses of + $(PURE). + +* [1324] The KDC no longer logs an inappropriate "no matching key" + error when an encrypted timestamp preauth password is incorrect. + +* [1334] The KDC now returns a clockskew error when the timestamp in + the encrypted timestamp preauth is out of bounds, rather than just + returning a preauthentcation failure. + +* [1342] gawk is no longer required for building kerbsrc.zip for the + Windows build. + +* [1346] gss_krb5_ccache_name() no longer attempts to return a pointer + to freed memory. + +* [1351] The filename globbing vulnerability [CERT VU#258721] in the + ftp client's handling of filenames beginning with "|" or "-" + returned from the "mget" command has been fixed. + +* [1352] GSS_C_PROT_READY_FLAG is no longer asserted inappropriately + during GSSAPI context establishment. + +* [1356] krb5_gss_accept_sec_context() no longer attempts to validate + a null credential if one is passed in. + +* [1362] The "-a user" option to telnetd now does the right thing. + Thanks to Nathan Neulinger. + +* [1363] ksu no longer inappropriately syslogs to stderr. + +* [1357] krb__get_srvtab_name() no longer leaks memory. + +* [1370] GSS_C_NO_CREDENTIAL now accepts any principal in the keytab. + +* [1373] Handling of SAM preauth no longer attempts to stuff a size_t + into an unsigned int. + +* [1387] BIND versions later than 8 now supported. + +* [1392] The getaddrinfo() wrapper should work better on AIX. + +* [1400] If DO_TIME is not set in the auth_context, and no replay + cache is available, no replay cache will be used. + +* [1406, 1108] libdb is no longer installed. If you installed + krb5-1.3-alpha1, you should ensure that no spurious libdb is left in + your install tree. + +* [1412] ETYPE_INFO handling no longer goes into an infinite loop. + +* [1414] libtelnet is now built using the same library build framework + as the rest of the tree. + +* [1417] A minor memory leak in krb5_read_password() has been fixed. + +* [1419] A memory leak in asn1_decode_kdc_req_body() has been fixed. + +* [1435] inet_ntop() is now emulated when needed. + +* [1439] krb5_free_pwd_sequences() now correctly frees the entire + sequence of elements. + +* [1440] errno is no longer explicitly declared. + +* [1441] kadmind should now return useful errors if an unrecognized + version is received in a changepw request. + +* [1454, 1480, 1517, 1525] The etype-info2 preauth type is now + supported. + +* [1459] (KfM/KLL internal) config file resolution can now be + prevented from accessing the user's homedir. + +* [1463] Preauth handling in the KDC has been reorganized. + +* [1470] Double-free in client-side preauth code fixed. + +* [1473] Ticket forwarding when the TGS and the end service have + different enctypes should work somewhat better now. + +* [1474] ASN.1 testsuite memory management has been cleaned up a + little to allow for memory leak checking. + +* [1476] Documentation updated to reflect default krb4 mode. + +* [1482] RFC-1964 OIDs now provided using the suggested symbolic + names. + +* [1483, 1528] KRB5_DEPRECATED is now false by default on all + platforms. + +* [1488] The KDC will now return integrity errors if a decryption + error is responsible for preauthentication failure. + +* [1492] The autom4te.cache directories are now deleted from the + release tarfiles. + +* [1501] Writable keytabs are registered by default. + +* [1515] The check for cross-realm TGTs no longer reads past the end + of an array. + +* [1518] The kdc_default_options option is now actually honored. + +* [1519] The changepw protocol implementation in kadmind now logs + password changes. + +* [1520] Documentation of OS-specific build options has been updated. + +* [1536] A missing prototype for krb5_db_iterate_ext() has been + added. + +* [1537] An incorrect path to kdc.conf show in the kdc.conf manpage + has been fixed. + +* [1540] verify_as_reply() will only check the "renew-till" time + against the "till" time if the RENEWABLE is not set in the request. + +* [1547] gssftpd no longer uses vfork(), as this was causing problems + under RedHat 9. + +* [1549] SRV records with a value of "." are now interpreted as a lack + of support for the protocol. + +* [1553] The undocumented (and confusing!) kdc_supported_enctypes + kdc.conf variable is no longer used. + +* [1560] Some spurious double-colons in password prompts have been + fixed. + +* [1571] The test suite tries a little harder to get a root shell. + +* [1573] The KfM build process now sets localstatedir=/var/db. + +* [1576, 1575] The client library no longer requests RENEWABLE_OK if + the renew lifetime is greater than the ticket lifetime. + +* [1587] A more standard autoconf test to locate the C compiler allows + for gcc to be found by default without additional configuration + arguments. + +* [1593] Replay cache filenames are now escaped with hyphens, not + backslashes. + +* [1598] MacOS 9 support removed from in-tree com_err. + +* [1602] Fixed a memory leak in make_ap_req_v1(). Thanks to Kent Wu. + +* [1604] Fixed a memory leak in krb5_gss_init_sec_context(), and an + uninitialized memory reference in kg_unseal_v1(). Thanks to Kent + Wu. + +* [1607] kerberos-iv SRV records are now documented. + +* [1610] Fixed AES credential delegation under GSSAPI. + +* [1618] ms2mit no longer inserts local addresses into tickets + converted from the MS ccache if they began as addressless tickets. + +* [1619] etype_info parser (once again) accepts extra field emitted by + Heimdal. + +* [1643] Some typos in kdc.conf.M have been fixed. + +* [1648] For consistency, leading spaces before preprocessor + directives in profile.h have been removed. Copyright Notice and Legal Administrivia ---------------------------------------- -Copyright (C) 1985-2000 by the Massachusetts Institute of Technology. +Copyright (C) 1985-2004 by the Massachusetts Institute of Technology. All rights reserved. @@ -459,7 +996,7 @@ Thanks to Doug Engert from ANL for providing many bug fixes, as well as testing to ensure DCE interoperability. Thanks to Ken Hornstein at NRL for providing many bug fixes and -suggestions. +suggestions, and for working on SAM preauthentication. Thanks to Matt Crawford at FNAL for bugfixes and enhancements. @@ -472,11 +1009,15 @@ providing patches for numerous buffer overruns. Thanks to Christopher Thompson and Marcus Watts for discovering the ftpd security bug. +Thanks to Paul Nelson of Thursby Software Systems for implementing the +Microsoft set password protocol. + Thanks to the members of the Kerberos V5 development team at MIT, both -past and present: Danilo Almeida, Jay Berkenbilt, Richard Basch, John -Carr, Don Davis, Alexandra Ellwood, Nancy Gilman, Matt Hancher, Sam -Hartman, Paul Hill, Marc Horowitz, Eva Jacobus, Miroslav Jurisic, -Barry Jaspan, Geoffrey King, John Kohl, Peter Litwack, Scott McGuire, -Kevin Mitchell, Cliff Neuman, Paul Park, Ezra Peisach, Chris -Provenzano, Ken Raeburn, Jon Rochlis, Jeff Schiller, Brad Thompson, -Harry Tsai, Ted Ts'o, Marshall Vale, Tom Yu. +past and present: Danilo Almeida, Jeffrey Altman, Jay Berkenbilt, +Richard Basch, Mitch Berger, John Carr, Don Davis, Alexandra Ellwood, +Nancy Gilman, Matt Hancher, Sam Hartman, Paul Hill, Marc Horowitz, Eva +Jacobus, Miroslav Jurisic, Barry Jaspan, Geoffrey King, John Kohl, +Peter Litwack, Scott McGuire, Kevin Mitchell, Cliff Neuman, Paul Park, +Ezra Peisach, Chris Provenzano, Ken Raeburn, Jon Rochlis, Jeff +Schiller, Jen Selby, Brad Thompson, Harry Tsai, Ted Ts'o, Marshall +Vale, Tom Yu. |