diff options
Diffstat (limited to 'README')
| -rw-r--r-- | README | 1195 |
1 files changed, 373 insertions, 822 deletions
@@ -1,4 +1,4 @@ - Kerberos Version 5, Release 1.3.5 + Kerberos Version 5, Release 1.4.2 Release Notes The MIT Kerberos Team @@ -6,21 +6,16 @@ Unpacking the Source Distribution --------------------------------- -The source distribution of Kerberos 5 comes in a gzipped tarfile, -krb5-1.3.5.tar.gz. Instructions on how to extract the entire -distribution follow. +The source distribution of Kerberos 5 comes in a tarfile, +krb5-1.4.2-signed.tar. The tarfile contains a gzipped tarfile, +krb5-1.4.2.tar.gz, and its corresponding PGP signature, +krb5-1.4.2.tar.gz.asc. -If you have the GNU tar program and gzip installed, you can simply do: +You will need the GNU gzip program, and preferably, the GNU tar +program, to extract the source distribution. - gtar zxpf krb5-1.3.5.tar.gz - -If you don't have GNU tar, you will need to get the FSF gzip -distribution and use gzcat: - - gzcat krb5-1.3.5.tar.gz | tar xpf - - -Both of these methods will extract the sources into krb5-1.3.5/src and -the documentation into krb5-1.3.5/doc. +The distribution will extract into a subdirectory "krb5-1.4.2" of the +current directory. Building and Installing Kerberos 5 ---------------------------------- @@ -59,940 +54,474 @@ http://krbdev.mit.edu/rt/ and logging in as "guest" with password "guest". -Major changes in 1.3.5 ----------------------- - -* [2682] Fix ftpd hang caused by empty PASS command. - -* [2686] Fix double-free errors. [MITKRB5-SA-2004-002] - -* [2687] Fix denial-of-service vulnerability in ASN.1 - decoder. [MITKRB5-SA-2004-003] - -Minor changes in 1.3.5 ----------------------- - -* [2016] Fix build problem in fake-addrinfo.h by including stdio.h so - that sprintf() gets prototyped where needed on some platforms. - -* [2353] Add missing prototype for gss_krb5int_unseal_token_v3(). - -* [2607] Fix enctype filtering and some memory leaks in MSLSA ccache. - -* [2608] Remove incorrect localization in MSLSA ccache which was - resulting in crashes. - -* [2619] Update MSLSA ccache to support new LSA flag. - -* [2623] Update MSLSA ccache to reflect differences in registry layout - between Windows client and server OSes. - -* [2624] Do not ignore the cache when obtaining TGTs from the MSLSA if - the requested enctype is the NULL enctype. - -* [2626] Add Terminal Server compatibility for KfW. - -* [2627] Fix cc_mslsa thread safety. - -* [2634] Remove the caching of the ccache principal name from - krb5_context. - -* [2643] Fix another problem with krb4 ticket backdating. - -* [2675] Add new WiX-based MSI installer for KfW. - -* [2677] Add "-c ccache" option to kvno; use consistent memory - management to avoid crashes on Windows. - -* [2689] Misc MSLSA ccache fixes. - -* [2691] Improve documentation of ANSI C requirement. - -Major changes in 1.3.4 ----------------------- - -* [2024, 2583, 2584] Fixed buffer overflows in - krb5_aname_to_localname(). [MITKRB-SA-2004-001] - -Minor changes in 1.3.4 +Important notice regarding Kerberos 4 support +--------------------------------------------- + +In the past few years, several developments have shown the inadequacy +of the security of version 4 of the Kerberos protocol. These +developments have led the MIT Kerberos Team to begin the process of +ending support for version 4 of the Kerberos protocol. The plan +involves the eventual removal of Kerberos 4 support from the MIT +implementation of Kerberos. + +The Data Encryption Standard (DES) has reached the end of its useful +life. DES is the only encryption algorithm supported by Kerberos 4, +and the increasingly obvious inadequacy of DES motivates the +retirement of the Kerberos 4 protocol. The National Institute of +Standards and Technology (NIST), which had previously certified DES as +a US government encryption standard, has officially announced[1] the +withdrawal of the Federal Information Processing Standards (FIPS) for +DES. + +NIST's action reflects the long-held opinion of the cryptographic +community that DES has too small a key space to be secure. Breaking +DES encryption by an exhaustive search of its key space is within the +means of some individuals, many companies, and all major governments. +Consequently, DES cannot be considered secure for any long-term keys, +particularly the ticket-granting key that is central to Kerberos. + +Serious protocol flaws[2] have been found in Kerberos 4. These flaws +permit attacks which require far less effort than an exhaustive search +of the DES key space. These flaws make Kerberos 4 cross-realm +authentication an unacceptable security risk and raise serious +questions about the security of the entire Kerberos 4 protocol. + +The known insecurity of DES, combined with the recently discovered +protocol flaws, make it extremely inadvisable to rely on the security +of version 4 of the Kerberos protocol. These factors motivate the MIT +Kerberos Team to remove support for Kerberos version 4 from the MIT +implementation of Kerberos. + +The process of ending Kerberos 4 support began with release 1.3 of MIT +Kerberos 5. In release 1.3, the default run-time configuration of the +KDC disables support for version 4 of the Kerberos protocol. Release +1.4 of MIT Kerberos continues to include Kerberos 4 support (also +disabled in the KDC with the default run-time configuration), but we +intend to completely remove Kerberos 4 support from some future +release of MIT Kerberos, possibly as early as the 1.5 release of MIT +Kerberos. + +The MIT Kerberos Team has ended active development of Kerberos 4, +except for the eventual removal of all Kerberos 4 functionality. We +will continue to provide critical security fixes for Kerberos 4, but +routine bug fixes and feature enhancements are at an end. + +We recommend that any sites which have not already done so begin a +migration to Kerberos 5. Kerberos 5 provides significant advantages +over Kerberos 4, including support for strong encryption, +extensibility, improved cross-vendor interoperability, and ongoing +development and enhancement. + +If you have questions or issues regarding migration to Kerberos 5, we +recommend discussing them on the kerberos@mit.edu mailing list. + + References + +[1] National Institute of Standards and Technology. Announcing + Approval of the Withdrawal of Federal Information Processing + Standard (FIPS) 43-3, Data Encryption Standard (DES); FIPS 74, + Guidelines for Implementing and Using the NBS Data Encryption + Standard; and FIPS 81, DES Modes of Operation. Federal Register + 05-9945, 70 FR 28907-28908, 19 May 2005. DOCID:fr19my05-45 + +[2] Tom Yu, Sam Hartman, and Ken Raeburn. The Perils of + Unauthenticated Encryption: Kerberos Version 4. In Proceedings of + the Network and Distributed Systems Security Symposium. The + Internet Society, February 2004. + http://web.mit.edu/tlyu/papers/krb4peril-ndss04.pdf + +---------------------------------------------------------------------- + +Major changes in 1.4.2 ---------------------- -* [957] The auth_to_local rules now allow for the client realm to be - examined. - -* [2527, 2528, 2531] Keytab file names lacking a "FILE:" prefix now work - under Windows. - -* [2533] Updated installer scripts for Windows. - -* [2534] Fixed memory leak for when an incorrect password is input to - krb5_get_init_creds_password(). - -* [2535] Added missing newline to dnssrv.c. - -* [2551, 2564] Use compile-time checks to determine endianness. - -* [2558] krb5_send_tgs() now correctly sets message_type after - receiving a KRB_ERROR message. - -* [2561, 2574] Fixed memory allocation errors in the MSLSA ccache. - -* [2562] The Windows installer works around cases where DLLs cannot be - unloaded. +* [3120] Fix [MITKRB5-SA-2005-002] KDC double-free and heap overflow. + Thanks to Daniel Wachdorf for reporting these vulnerabilities. -* [2585] Documentation correctly describes AES support in GSSAPI. +* [3121] Fix [MITKRB5-SA-2005-003] krb5_recvauth() double-free. + Thanks to Magnus Hagander for reporting this vulnerability. -Major changes in 1.3.3 +Minor changes in 1.4.2 ---------------------- -* [2284] Fixed accept_sec_context to use a replay cache in the - GSS_C_NO_CREDENTIAL case. Reported by Cesar Garcia. +* [2902] Work around broken res_ninit() in AIX 5. -* [2426] Fixed a spurious SIGPIPE that happened in the TCP sendto_kdc - code on AIX. Thanks to Bill Dodd. +* [2980] Fix a Windows deadlock condition when unloading krb5_32.dll. -* [2430] Fixed a crash in the MSLSA ccache. +* [2982] Provide some support for pre-POSIX versions of getpwnam_r() + and getpwuid_r(). -* [2453] The AES string-to-key function no longer returns a pointer to - stack memory when given a password longer than 64 characters. +* [3029] krb5_get_credentials() avoids passing errors from + krb5_cc_store_cred(). -Minor changes in 1.3.3 ----------------------- +* [3042] Fix build failure on 64-bit Solaris/SPARC. -* [2277] In sendto_kdc, a socket leak on connection failure was fixed. - Thanks to Bill Dodd. +* [3060] Work around excess stack consumption caused by large default + FD_SETSIZE in AIX. -* [2384] A memory leak in the TCP handling code in the KDC has been - fixed. Thanks to Will Fiveash. +* [3083] Avoid using "faked" telnet service when calling + getaddrinfo(). -* [2521] The Windows NSIS installer scripts are in the source tree. +* [3084] Provide better support for conditional pthread support. -* [2522] The MSLSA ccache now supports Windows 9x. +* [3098] The file-based ccache code no longer spuriously retains a + lock. -Major changes in 1.3.2 +Major changes in 1.4.1 ---------------------- -* [2040, 1471, 2067, 2077, 2079, 2166, 2167, 2220, 2266] Support for - AES in GSSAPI has been implemented. This corresponds to the - in-progress work in the IETF (CFX). - -* [2049, 2139, 2148, 2153, 2182, 2183, 2184, 2190, 2202] Added a new - ccache type "MSLSA:" for read-only access to the MS Windows LSA - cache. - -* [982] On windows, krb5.exe now has a checkbox to request addressless - tickets. +* [2913] The kadmin client library now performs authentication flavor + fallback in a useful way when attempting to contact a pre-1.4 kadmin + daemon. -* [2189, 2234] To avoid compatibility problems, unrecognized TGS - options will now be ignored. Thanks to Wyllys Ingersoll for finding - a problem with a previous fix. +* [2988] Fix telnet client buffer overflow vulnerabilities. + [MITKRB5-SA-2005-001] -* [2218] 128-bit AES has been added to the default enctypes. - -* [2223, 2229] AES cryptosystem now chains IVs. This WILL break - backwards compatibility for the kcmd applications, if they are using - AES session keys. Thanks to Wyllys Ingersoll for finding a problem - with a previous fix. - -Minor changes in 1.3.2 +Minor changes in 1.4.1 ---------------------- -* [1437] Applied patch from Stephen Grau so kinit returns non-zero - status under certain failure conditions where it had previously - returned zero. - -* [1586] On Windows, the krb4 CREDENTIALS structure has been changed - to align with KfW's version of the structure. - -* [1613] Applied patch from Dave Shrimpton to avoid truncation of - dates output from the kadmin CLI when long time zone names are - used. - -* [1622] krshd no longer calls syslog from inside a signal handler, in - an effort to avoid deadlocks on exit. - -* [1649] A com_err test program compiles properly on Darwin now. - -* [1692] A new configuration file tag "master_kdc" has been added to - allow master KDCs to be designated separately from admin servers. - -* [1702] krb5_get_host_realm() and krb5_free_host_realm() are no - longer marked as KRB5_PRIVATE. - -* [1711] Applied patch from Harry McGavran Jr to allow fake-addrinfo.h - to compile on libc5 Linux platforms. +Please see -* [1712] Applied patch from Cesar Garcia to fix lifetime computation - in krb524 ticket conversion. +http://krbdev.mit.edu/rt/NoAuth/krb5-1.4/fixed-1.4.1.html -* [1714] Fixed a 64-bit endianness bug in ticket starttime encoding in - krb524d. Found by Cesar Garcia. +for a complete list. -* [1715] kadmind4 and v5passwdd are no longer installed on Mac OS X. +* [2888] On Windows, restore library state to uninitialized when library + is unloaded. -* [1718] The krb4 library configure script now recognizes - OpenDarwin/x86. Bug found by Rob Braun. +* [2906] Map ns_rr_class to ns_rr_cl for some versions of BIND. -* [1721] krb5_get_init_creds_password() no longer returns a spurious - KRB5_REALM_UNKNOWN if DNS SRV record support is turned off. +* [2916] Perform some cleanup on library unload to avoid leaks. -* [1730] krb_mk_auth() no longer overzealously clears the key - schedule. +* [2918] krb5_get_init_creds_password() now correctly handles an empty + string passed in as a password argument. -* [1731] A double-free related to reading forwarded credentials has - been fixed. Found by Joseph Galbraith. +* [2924] gss_mech_xxx symbols are now exported on Windows. -* [1770] Applied patch from Maurice Massar to fix a foreachaddr() - problem that was causing the KDC to segfault on startup. +* [2942] Fix null pointer deref possible in threaded program calls to + profile library. -* [1790] The Linux build uses $(CC) to create shared libraries, - avoiding a libgcc problem when building libdb. +* [2949] The delta-time parser no longer conflicts with some symbols + in HP-UX header files. -* [1792] The lib/kadm5 unit tests now work around a Solaris 9 - pty-close bug. +* [2950] Deleted profile nodes are now correctly skipped by the + iterator. -* [1793] The test suite works around some Tru64 and Irix RPATH - issues, which previously could prevent tests from running on a build - with shared libraries enabled. +* [2953] Handle variant gmtime_r() on HP-UX 10. -* [1799] kadmind supports callouts to the Apple password server. +* [2955] Conditionalize the use of reverse DNS lookups in + krb5_sname_to_principal(). -* [1893] KRB-SAFE messages from older releases can now be read - successfully. Prior 1.3.x releases did not save the encoded - KRB-SAFE message, and experienced problems when re-encoding. Found - by Scooter Morris. +* [2960] gssapi.h no longer leaks preprocessor symbols. -* [1962] MS LSA tickets with short remaining lifetimes will be - rejected in favor of retrieving tickets bypassing the LSA cache. +* [2961] Fix some missing build dependencies in util/ss. -* [1973] sendto_kdc.c now closes sockets with closesocket() instead of - close(), avoiding a descriptor leak on Windows. +* [2962] Fix case of @MAINT@ substitution breaking Windows build. -* [1979] An erroneously short initial sequence number mask has been - fixed. +* [2963] On windows, fix dangerous 64-bit time_t * to long * + conversions. -* [2028] KfW now displays a kinit dialog when GSS fails to find - tickets. - -* [2051] Missing exports have been added to krb4_32.def on Windows. - -* [2058] Some problems with krb4 ticket lifetime backdating have - fixed. - -* [2060] GSSAPI's idea of the default ccache is less sticky now. - -* [2068] The profile library includes prof-int.h before conditionals - that rely on it. - -* [2084] The resolver library is no longer referenced by library code - if not building with DNS SRV record support. - -* [2085] Updated Windows README file to reflect current compilation - requirements, etc. - -* [2104] On Windows, only define strcasecmp and strncasecmp - replacement macros if said functions are missing. - -* [2106] Return an error for unimplemented ccache functions, rather - than calling through a null pointer. - -* [2118] Applied patch from Will Fiveash to use correct parameter for - KDC TCP listening sockets. - -* [2144,2230] Memory management errors in the Windows gss.exe test - client have been fixed. - -* [2171] krb5_locate_kpasswd() now correctly calls htons() on the - kpasswd port number. Found by Arlene Berry. - -* [2180] The profile library now includes pthread.h when compiled with - USE_PTHREADS. - -* [2181, 2224] A timeout has been added to gss-server, and a missing - parameter to sign_server() has been added. - -* [2196] config.{guess,sub} have been updated from autoconf-2.59. - -* [2204] Windows gss.exe now has support for specifying credentials - cache, as well as some minor bugfixes. - -* [2210] GSSAPI accept_sec_context() no longer unconditionally sets - INTEG and CONF flags in contradiction to what the initiator sent. - -* [2212] The GSS sample application has some additional options to - support testing of SSPI vs GSSAPI. - -* [2217] Windows gss.exe has new UI elements to support more flag - settings. - -* [2225] In the gss sample client, some extraneous parameters have - been removed from client_establish_context(). - -* [2228] Copyright notices updated in GSS sample apps. - -* [2233] On Windows compiles with KRB5_KFW_COMPILE, the lib path for - krbcc32.lib is now correct. - -* [2195, 2236, 2241, 2245] The Solaris 9 pty-close bug, which was - affecting the test suite, has been worked around by hacking - scheduler priorities. See the installation notes for details. - Thanks to Bill Sommerfeld for some useful hints. - -* [2258] An incorrect memcpy() statement in fakeka has been fixed. - Reported by David Thompson. - -Notes, Major Changes, and Known Bugs for 1.3.1 ----------------------------------------------- - -* [1681] The incorrect encoding of the ETYPE-INFO2 preauthentication - hint is no longer emitted, and the both the incorrect and the - correct encodings of ETYPE-INFO2 are now accepted. We STRONGLY - encourage deploying krb5-1.3.1 in preference to 1.3, especially on - client installations, as the 1.3 release did not conform to the - internet-draft for the revised Kerberos protocol in its encoding of - ETYPE-INFO2. - -* [1683] The non-caching getaddrinfo() API on Mac OS X, which was - causing significant slowdowns under some circumstances, has been - worked around. - -Minor changes in 1.3.1 ----------------------- - -* [1015] gss_accept_sec_context() now passes correct arguments to - TREAD_STR() when reading options beyond the forwarded credential - option. Thanks to Emily Ratliff. - -* [1365] The GSSAPI initiator credentials are no longer cached inside - the GSSAPI library. - -* [1651] A buffer overflow in krb_get_admhst() has been fixed. - -* [1655] krb5_get_permitted_enctypes() and krb5_set_real_time() are - now exported for use by Samba. - -* [1656] gss_init_sec_context() no longer leaks credentials under some +* [2964] Fix invalid return value from krb5_c_is_keyed_cksum() during error conditions. -* [1657] krb_get_lrealm() no longer returns "ATHENA.MIT.EDU" - inappropriately. - -* [1664] The crypto library no longer has bogus dependencies on - com_err. - -* [1665] krb5_init_context() no longer multiply registers error tables - when called more than once, preventing a memory leak. - -* [1666] The GSS_C_NT_* symbols are now exported from gssapi32.dll on - Windows. - -* [1667] ms2mit now imports any tickets with supported enctypes, and - does not import invalid tickets. - -* [1677] krb5_gss_register_acceptor_identity() no longer has an - off-by-one in its memory allocation. - -* [1679] krb5_principal2salt is now exported on all platforms. - -* [1684] The file credentials cache is now supported if USE_CCAPI is - defined, i.e., for KfM and KfW. - -* [1691] Documentation for the obsolete kdc_supported_enctypes config - variable has been removed. - -Notes, Major Changes, and Known Bugs for 1.3 --------------------------------------------- - -* We now install the compile_et program, so other packages can use the - installed com_err library with their own error tables. (If you use - our com_err code, that is; see below.) - -* The header files we install now assume ANSI/ISO C ('89, not '99). - We have stopped testing on SunOS 4, even with gcc. Some of our code - now has C89-based assumptions, like free(NULL) being well defined, - that will probably frustrate any attempts to run this code under SunOS - 4 or other pre-C89 systems. - -* Some new code, bug fixes, and cleanup for IPv6 support. Most of the - code should support IPv6 transparently now. The RPC code (and - therefore the admin system, which is based on it) does not yet - support IPv6. The support for Kerberos 4 may work with IPv6 in very - limited ways, if the address checking is turned off. The FTP client - and server do not have support for the new protocol messages needed - for IPv6 support (RFC 2428). - -* We have upgraded to autoconf 2.52 (or later), and the syntax for - specifying certain configuration options have changed. For example, - autoconf 2.52 configure scripts let you specify command-line options - like "configure CC=/some/path/foo-cc", so we have removed some of - our old options like --with-cc in favor of this approach. - -* The client libraries can now use TCP to connect to the KDC. This - may be necessary when talking to Microsoft KDCs (domain controllers), - if they issue you tickets with lots of PAC data. - -* If you have versions of the com_err or ss installed locally, you can - use the --with-system-et and --with-system-ss configure options to - use them rather than using the versions supplied here. Note that - the interfaces are assumed to be similar to those we supply; in - particular, some older, divergent versions of the com_err library - may not work with the krb5 sources. Many configure-time variables - can be used to help the compiler and linker find the installed - packages; see the build documentation for details. +* [2971] thread_termination now correctly frees thread-specific data. -* The AES cryptosystem has been implemented. However, support in the - Kerberos GSSAPI mechanism has not been written (or even fully - specified), so it's not fully enabled. See the documentation for - details. +* [2974] krb5_get_init_creds_keytab() no longer produces spurious + KRB5_REALM_UNKNOWN errors when a master KDC is not listed in the + configuration. -Major changes listed by ticket ID ---------------------------------- - -* [492] PRNG breakage on 64-bit platforms no longer an issue due to - new PRNG implementation. - -* [523] Client library is now compatible with the RC4-based - cryptosystem used by Windows 2000. - -* [709] krb4 long lifetime support has been implemented. - -* [880] krb5_gss_register_acceptor_identity() implemented (is called - gsskrb5_register_acceptor_identity() by Heimdal). - -* [1087] ftpd no longer requires channel bindings, allowing easier use - of ftp from behind a NAT. - -* [1156, 1209] It is now possible to use the system com_err to build - this release. - -* [1174] TCP support added to client library. - -* [1175] TCP support added to the KDC, but is disabled by default. - -* [1176] autoconf-2.5x is now required by the build system. - -* [1184] It is now possible to use the system Berkeley/Sleepycat DB - library to build this release. - -* [1189, 1251] The KfM krb4 library source base has been merged. - -* [1190] The default KDC master key type is now triple-DES. KDCs - being updated may need their config files updated if they are not - already specifying the master key type. - -* [1190] The default ticket lifetime and default maximum renewable - ticket lifetime have been extended to one day and one week, - respectively. - -* [1191] A new script, k5srvutil, may be used to manipulate keytabs in - ways similar to the krb4 ksrvutil utility. - -* [1281] The "fakeka" program, which emulates the AFS kaserver, has - been integrated. Thanks to Ken Hornstein. - -* [1343] The KDC now defaults to not answering krb4 requests. - -* [1344] Addressless tickets are requested by default now. - -* [1372] There is no longer a need to create a special keytab for - kadmind. The legacy administration daemons "kadmind4" and - "v5passwdd" will still require a keytab, though. - -* [1377, 1442, 1443] The Microsoft set-password protocol has been - implemented. Thanks to Paul Nelson. - -* [1385, 1395, 1410] The krb4 protocol vulnerabilities - [MITKRB5-SA-2003-004] have been worked around. Note that this will - disable krb4 cross-realm functionality, as well as krb4 triple-DES - functionality. Please see doc/krb4-xrealm.txt for details of the - patch. - -* [1393] The xdrmem integer overflows [MITKRB5-SA-2003-003] have - been fixed. - -* [1397] The krb5_principal buffer bounds problems - [MITKRB5-SA-2003-005] have been fixed. Thanks to Nalin Dahyabhai. - -* [1415] Subsession key negotiation has been fixed to allow for - server-selected subsession keys in the future. - -* [1418, 1429, 1446, 1484, 1486, 1487, 1535, 1621] The AES - cryptosystem has been implemented. It is not usable for GSSAPI, - though. - -* [1491] The client-side functionality of the krb524 library has been - moved into the krb5 library. - -* [1550] SRV record support exists for Kerberos v4. - -* [1551] The heuristic for locating the Kerberos v4 KDC by prepending - "kerberos." to the realm name if no config file or DNS information - is available has been removed. - -* [1568, 1067] A krb524 stub library is built on Windows. - -Minor changes listed by ticket ID ---------------------------------- - -* [90] default_principal_flags documented. - -* [175] Docs refer to appropriate example domains/IPs now. - -* [299] kadmin no longer complains about missing kdc.conf parameters - when it really means krb5.conf parameters. - -* [318] Run-time load path for tcl is set now when linking test - programs. - -* [443] --includedir honored now. - -* [479] unused argument in try_krb4() in login.c deleted. - -* [590] The des_read_pw_string() function in libdes425 has been - aligned with the original krb4 and CNS APIs. - -* [608] login.krb5 handles SIGHUP more sanely now and thus avoids - getting the session into a weird state w.r.t. job control. - -* [620] krb4 encrypted rcp should work a little better now. Thanks to - Greg Hudson. - -* [647] libtelnet/kerberos5.c no longer uses internal include files. - -* [673] Weird echoing of admin password in kadmin client worked around - by not using buffered stdio calls to read passwords. - -* [677] The build system has been reworked to allow the user to set - CFLAGS, LDFLAGS, CPPFLAGS, etc. reasonably. - -* [680] Related to [673], rewrite krb5_prompter_posix() to no longer - use longjmp(), thus avoiding some bugs relating to non-restoration - of terminal settings. - -* [697] login.krb5 no longer zeroes out the terminal window size. - -* [710] decomp_ticket() in libkrb4 now looks up the local realm name - more correctly. Thanks to Booker Bense. - -* [771] .rconf files are excluded from the release now. - -* [772] LOG_AUTHPRIV syslog facility is now usable for logging on - systems that support it. +* [2975] Fix missing semicolon in x-deltat.y which was causing some + versions of Bison to produce un-compilable C files. -* [844] krshd now syslogs using the LOG_AUTH facility. +* [2981] Restores some shared library support for HP-UX 10. -* [850] Berekely DB build is better integrated into the krb5 library - build process. +* [2992] Fix some Makefile quoting problems which were preventing + gssapi_krb5.h from being created on AIX 5. -* [866] lib/krb5/os/localaddr.c and kdc/network.c use a common source - for local address enumeration now. +* [3000] Cast null pointer arguments to variadic functions, which is + necessary on some 64-bit platforms. -* [882] gss-client now correctly deletes the context on error. +Major changes in 1.4 +-------------------- -* [919] kdc/network.c problems relating to SIOCGIFCONF have been - fixed. +* [841] Merged Athena telnetd changes for creating a new option for + requiring encryption. -* [922] An overflow in the string-to-time conversion routines has been - fixed. +* [1349, 2578, 2601, 2606, 2613, 2743, 2775, 2778, 2877] Add + implementation of the RPCSEC_GSS authentication flavor to the RPC + library. Thanks to Kevin Coffman and the CITI group at the + University of Michigan. -* [933] krb524d now handles single-DES session keys other than of type - des-cbc-crc. +* [2061] The kadmind4 backwards-compatibility admin server and the + v5passwdd backwards-compatibility password-changing server have been + removed. -* [935] des-cbc-md4 now included in default enctypes. +* [1303, 2740, 2755, 2781, 2782, 2812, 2858, 2859, 2874, 2875, 2878, + 2879, 2884, 2893] Thread safety for krb5 libraries. -* [939] A minor grammatical error has been fixed in a telnet client - error message. +* [2410] Yarrow code now uses AES. -* [953] des3 no longer failing on Windows due to SHA1 implementation - problems. +* [2678, 2802] New client commands kcpytkt and kdeltkt for Windows. -* [964] kdb_init_hist() no longer fails if master_key_enctype is not - in supported_enctypes. +* [2688] New command mit2ms on Windows. -* [970] A minor inconsistency in ccache.tex has been fixed. +* [2762] Merged Athena changes to allow ftpd to require encrypted + passwords. -* [971] option parsing bugs rendered irrelevant by removal of unused - gss mechanism. +* [2587] Incorporate gss_krb5_set_allowable_enctypes() and + gss_krb5_export_lucid_sec_context(), which are needed for NFSv4, + from Kevin Coffman. -* [976] make install mentioned in build documentation. +* [2841] Fix heap buffer overflow in password history + mechanism. [MITKRB5-SA-2004-004] -* [986] Related to [677], problems with the ordering of LDFLAGS - initialization rendered irrelevant by use of native autoconf - idioms. +Minor changes in 1.4 +-------------------- -* [992] Related to [677], quirks with --with-cc no longer relevant as - AC_PROG_CC is used instead now. +Please see -* [999] The kdc_default_options configuration variable is now honored. - Thanks to Emily Ratliff. +http://krbdev.mit.edu/rt/NoAuth/krb5-1.4/fixed-1.4.html -* [1006] Client library, as well as KDC, now perform reasonable - sorting of ETYPE-INFO preauthentication data. +for a complete list. -* [1055] NULL pointer dereferences in code calling - krb5_change_password() have been fixed. +* [249] Install example config files. -* [1063] Initial credentials acquisition failures related to client - host having a large number of local network interfaces should be - fixed now. +* [427] PATH environment variable won't be overwritten by login.krb5 + if already set. -* [1064] Incorrect option parsing in the gssapi library is no longer - relevant due to removal of the "v2" mechanism. +* [696] Sample KDC propagation script fixed. -* [1065, 1225] krb5_get_init_creds_password() should properly warn about - password expiration. +* [868] Fixed search for res_search() and friends. -* [1066] printf() argument mismatches in rpc unit tests fixed. +* [927] Compilation on Tru64 now detects GNU linker and chooses + whether to use -oldstyle_liblookup accordingly. -* [1085] The krb5.conf manpage has been re-synchronized with other - documentation. +* [1044] port-sockets.h explicitly declares h_errno if the declaration + is missing. -* [1102] gssapi_generic.h should now work with C++. +* [1210] KDC cleans up some per-listener state upon process + termination to avoid spurious memory leak indications. -* [1135] The kadm5 ACL system is better documented. +* [1335] The server side of the Horowitz password-change protocol now + checks for minimum password life. -* [1136] Some documentation for the setup of cross-realm - authentication has been added. +* [1345, 2730, 2757] patchlevel.h is now the master version file. -* [1164] krb5_auth_con_gen_addrs() now properly returns errno instead - of -1 if getpeername() fails. +* [1364] GNU sed is no longer required to make depend on Irix. -* [1173] Address-less forwardable tickets will remain address-less - when forwarded. +* [1383] SRV record support now handles "." target and adds trailing + dots to avoid spurious multiple hostname queries. -* [1178, 1228, 1244, 1246, 1249] Test suite has been stabilized - somewhat. +* [1497] A memory leak in the krb5 context serializer has been fixed. -* [1188] As part of the modernization of our usage of autoconf, - AC_CONFIG_FILES is now used instead of passing a list of files to - AC_OUTPUT. +* [1570] Some team procedures now documented. -* [1194] configure will no longer recurse out of the top of the source - tree when attempting to locate the top of the source tree. +* [1588] Automatic rebuilding of configure scripts, etc. are only done + if --enable-maintainer-mode is passed to configure. -* [1192] Documentation for the krb5 afs functionality of krb524d has - been written. +* [1623] Memory management in the ftp client has been cleaned up. -* [1195] Example krb5.conf file modified to include all enctypes - supported by the release. +* [1724] DNS SRV record lookup support is unconditionally built on + Unix. -* [1202] The KDC no longer rejects unrecognized flags. +* [1791] Replacement for daemon() is compiled separately each time it + is needed, rather than ending up in the krb5 library. -* [1203] krb5_get_init_creds_keytab() no longer does a double-free. +* [1806] Default to building shared libraries on most platforms that + support them. -* [1211] The ASN.1 code no longer passes (harmless) uninitialized - values around. +* [1847] Fixed daemon() replacement to build on Tru64. -* [1212] libkadm5 now allows for persistent exclusive database locks. +* [1850] Fixed some 0 vs NULL issues. -* [1217] krb5_read_password() and des_read_password() are now - implemented via krb5_prompter_posix(). +* [2066] AES-only configuration now tested in test suite. -* [1224] For SAM challenges, omitted optional strings are no longer - encoded as zero-length strings. +* [2219] Fixed memory leak in KDC preauth handling. -* [1226] Client-side support for SAM hardware-based preauth - implemented. +* [2256] Use $(CC) rather than ld to build shared libs on Tru64 and + Irix. -* [1229] The keytab search logic no longer fails prematurely if an - incorrect encryption type is found. Thanks to Wyllys Ingersoll. +* [2276] Support for the non-standard enctype + ENCTYPE_LOCAL_DES3_HMAC_SHA1 has been removed. -* [1232] If the master KDC cannot be resolved, but a slave is - reachable, the client library now returns the real error from the - slave rather than the resolution failure from the master. Thanks to - Ben Cox. +* [2285] Test suite checks TCP access to KDC. -* [1234] Assigned numbers for SAM preauth have been corrected. - sam-pk-for-sad implementation has been aligned. +* [2295] Minor stylistic cleanup in gss-client. -* [1237] Profile-sharing optimizations from KfM have been merged. +* [2296, 2370, 2424] krb5_get_init_creds() APIs avoid multiple queries + to master KDC. -* [1240] Windows calling conventions for krb5int_c_combine_keys() have - been aligned. +* [2379] Remove _XOPEN_EXTENDED hack previously used for HP-UX. -* [1242] Build system incompatibilities with Debian's chimeric - autoconf installation have been worked around. +* [2432] Only sanity-check setutent() API if utmpx.h is not present, + as this was preventing recent NetBSD from configuring. -* [1256] Incorrect sizes passed to memset() in combine_keys() - operations have been corrected. +* [2525] kvno.exe installed on Windows. -* [1260] Client credential lookup now gets new service tickets in - preference to attempting to use expired ticketes. Thanks to Ben - Cox. +* [2529] Fix some internal type inconsistencies in gssapi library. -* [1262, 1572] Sequence numbers are now unsigned; negative sequence - numbers will be accepted for the purposes of backwards - compatibility. +* [2530] Fix KRB5_CALLCONV usage in krb5_cc_resolve(). -* [1263] A heuristic for matching the incorrectly encoded sequence - numbers emitted by Heimdal implementations has been written. +* [2537] Apply fix from John Hascall to make krb5_get_in_tkt() + emulation actually honor the lifetimes in the input credentials. -* [1284] kshd accepts connections by IPv6 now. +* [2539] Create manpage for krb524d. -* [1292] kvno manpage title fixed. +* [2573] The rcache code no longer attempts to close a negative file + descriptor from a failed open. -* [1293] Source files no longer explicitly attempt to declare errno. +* [2591] The gssapi library now requires that the initiator's channel + bindings match those provided by the acceptor, if the acceptor + provides them at all. -* [1304] kadmind4 no longer leaves sa_flags uninitialized. +* [2592] Fix some HP-UX 11 compilation issues. -* [1305] Expired tickets now cause KfM to pop up a password dialog. +* [2598] Fix some HP-UX 11 foreachaddr() issues. -* [1309] krb5_send_tgs() no longer leaks the storage associated with - the TGS-REQ. +* [2600] gss_accept_sec_context() no longer leaks rcaches. -* [1310] kadm5_get_either() no longer leaks regexp library memory. +* [2603] Clean up some issues relating to use of reserved namespace in + k5-platform.h. -* [1311] Output from krb5-config no longer contains spurious uses of - $(PURE). +* [2614] Rewrite handling of whitespace in profile library to better + handle whitespace around tag names. -* [1324] The KDC no longer logs an inappropriate "no matching key" - error when an encrypted timestamp preauth password is incorrect. +* [2629] Fix double-negation of a preprocessor test in osconf.h. -* [1334] The KDC now returns a clockskew error when the timestamp in - the encrypted timestamp preauth is out of bounds, rather than just - returning a preauthentcation failure. +* [2637] krb5int_zap_data() uses SecureZeroMemory on Windows instead + of memset(). -* [1342] gawk is no longer required for building kerbsrc.zip for the - Windows build. +* [2654] krb5_get_init_creds() checks for overflow/underflow on 32-bit + timestamps. -* [1346] gss_krb5_ccache_name() no longer attempts to return a pointer - to freed memory. +* [2655] krb5_get_init_creds() no longer issues requests where the + renew_until time precedes the expiration time. -* [1351] The filename globbing vulnerability [CERT VU#258721] in the - ftp client's handling of filenames beginning with "|" or "-" - returned from the "mget" command has been fixed. +* [2656] krb5_get_init_creds() supports ticket_lifetime libdefault. -* [1352] GSS_C_PROT_READY_FLAG is no longer asserted inappropriately - during GSSAPI context establishment. +* [2657] Default ccache name is evaluated more lazily. -* [1356] krb5_gss_accept_sec_context() no longer attempts to validate - a null credential if one is passed in. +* [2661] Handle return of ai_canonname=NULL from getaddrinfo(). -* [1362] The "-a user" option to telnetd now does the right thing. - Thanks to Nathan Neulinger. +* [2665] Fix leak in cc_resolve, reported by Paul Moore. -* [1363] ksu no longer inappropriately syslogs to stderr. +* [2674] libkadm5 acl_init() API renamed to avoid conflict with MacOS + X acl API. -* [1357] krb__get_srvtab_name() no longer leaks memory. +* [2684, 2710, 2728] Use BIND 8 parsing API when available. -* [1370] GSS_C_NO_CREDENTIAL now accepts any principal in the keytab. +* [2685] The profile library iterators no longer get confused when + modifications are made to the in-memory profile. -* [1373] Handling of SAM preauth no longer attempts to stuff a size_t - into an unsigned int. +* [2694] The krb5-config script now has a manpage. -* [1387] BIND versions later than 8 now supported. +* [2704] New ccache API flag to request only information, not actual + credentials. -* [1392] The getaddrinfo() wrapper should work better on AIX. +* [2705] Support for upcoming read/write MSLSA ccache. -* [1400] If DO_TIME is not set in the auth_context, and no replay - cache is available, no replay cache will be used. +* [2706] resolv.h is included when searching for res_search() and + friends, to account for symbol renaming. -* [1406, 1108] libdb is no longer installed. If you installed - krb5-1.3-alpha1, you should ensure that no spurious libdb is left in - your install tree. +* [2715] The install-strip make target no longer attempts to strip + scripts. -* [1412] ETYPE_INFO handling no longer goes into an infinite loop. +* [2718] Fix memory leak in arcfour string_to_key. Reported by + Derrick Schommer. -* [1414] libtelnet is now built using the same library build framework - as the rest of the tree. +* [2719] Fix memory leak in rd_cred.c. Reported by Derrick Schommer. -* [1417] A minor memory leak in krb5_read_password() has been fixed. +* [2725] Fix memory leak in mk_req_extended(). Reported by Derrick + Schommer. -* [1419] A memory leak in asn1_decode_kdc_req_body() has been fixed. +* [2729] Add some new version strings for Windows. -* [1435] inet_ntop() is now emulated when needed. +* [2734] The ticket_lifetime libdefault now uses units of seconds by + default, if no units are provided. -* [1439] krb5_free_pwd_sequences() now correctly frees the entire - sequence of elements. +* [2741] The profile library's error tables aren't loaded on MacOS X. -* [1440] errno is no longer explicitly declared. +* [2750] Calls to the profile library which set values no longer fail + if the file is not writable. -* [1441] kadmind should now return useful errors if an unrecognized - version is received in a changepw request. +* [2751] The profile library has a new API to detect whether the + default profile is writable. -* [1454, 1480, 1517, 1525] The etype-info2 preauth type is now - supported. +* [2753] An initial C implementation of CCAPI has been done. -* [1459] (KfM/KLL internal) config file resolution can now be - prevented from accessing the user's homedir. +* [2754] fake-addrinfo.h includes errno.h earlier. -* [1463] Preauth handling in the KDC has been reorganized. +* [2756] The profile library calls stat() less frequently on files. -* [1470] Double-free in client-side preauth code fixed. +* [2760, 2780] The keytab implementation checks for cases where + fopen() can return NULL without setting errno. Reported by Roland + Dowdeswell. -* [1473] Ticket forwarding when the TGS and the end service have - different enctypes should work somewhat better now. +* [2770] com_err now creates valid prototypes for generated files. + Reported by Jeremy Allison. -* [1474] ASN.1 testsuite memory management has been cleaned up a - little to allow for memory leak checking. +* [2772, 2797] The krb4 library now honors the dns_fallback libdefault + setting. -* [1476] Documentation updated to reflect default krb4 mode. +* [2776, 2779] Solaris patches exist for the pty-close race condition + bug. We check for these patches now checked, and don't apply the + priocntl hack if they are present. -* [1482] RFC-1964 OIDs now provided using the suggested symbolic - names. +* [2783] ftpcmds.y unconditionally defines NBBY to 8. -* [1483, 1528] KRB5_DEPRECATED is now false by default on all - platforms. +* [2793] locate_kdc.c can compile if KRB5_DNS_LOOKUP isn't defined, + though we removed the configure-time option for this. -* [1488] The KDC will now return integrity errors if a decryption - error is responsible for preauthentication failure. +* [2795] Fixed some addrinfo problems that affected Irix. -* [1492] The autom4te.cache directories are now deleted from the - release tarfiles. +* [2796, 2840] Calling conventions for some API functions for Windows + have been fixed. -* [1501] Writable keytabs are registered by default. +* [2805] Windows NSIS installer script updated. -* [1515] The check for cross-realm TGTs no longer reads past the end - of an array. +* [2808] Support library renamed on Windows. -* [1518] The kdc_default_options option is now actually honored. +* [2815] krb5-config updated to reference new support library. -* [1519] The changepw protocol implementation in kadmind now logs - password changes. +* [2814, 2816] Some MSLSA ccache features depending on non-public SDK + features were backed out. -* [1520] Documentation of OS-specific build options has been updated. +* [2818] Don't create empty array for addresses in MSLSA ccache. -* [1536] A missing prototype for krb5_db_iterate_ext() has been - added. +* [2832] Fix shared library build on sparc64-netbsd. -* [1537] An incorrect path to kdc.conf show in the kdc.conf manpage - has been fixed. +* [2833, 2834, 2835] Add support for generating/installing debugging + symbols on Windows. -* [1540] verify_as_reply() will only check the "renew-till" time - against the "till" time if the RENEWABLE is not set in the request. +* [2838] Fix termination of incorrect string in telnetd. -* [1547] gssftpd no longer uses vfork(), as this was causing problems - under RedHat 9. +* [2854] Fix memory leak in ccache. -* [1549] SRV records with a value of "." are now interpreted as a lack - of support for the protocol. +* [2857] Fix memory leak in asn1_decode_generaltime(). -* [1553] The undocumented (and confusing!) kdc_supported_enctypes - kdc.conf variable is no longer used. +* [2861] Minor documenation fixes. -* [1560] Some spurious double-colons in password prompts have been - fixed. +* [2864] Fix IPv6 support on Windows. -* [1571] The test suite tries a little harder to get a root shell. +* [2865] New API function krb5_is_thread_safe() to test for thread + safety. -* [1573] The KfM build process now sets localstatedir=/var/db. +* [2870, 2881] Fix crash in MSLSA ccache. -* [1576, 1575] The client library no longer requests RENEWABLE_OK if - the renew lifetime is greater than the ticket lifetime. +* [2871] Handle read() returning -1 in prng.c. -* [1587] A more standard autoconf test to locate the C compiler allows - for gcc to be found by default without additional configuration - arguments. +* [2872] Fix memory leak in DNS lookup code. -* [1593] Replay cache filenames are now escaped with hyphens, not - backslashes. +* [2887] Fix null pointer dereference in krb5_unparse_name(). -* [1598] MacOS 9 support removed from in-tree com_err. +* [2892] Fix some gcc-4.0 compatibility problems. -* [1602] Fixed a memory leak in make_ap_req_v1(). Thanks to Kent Wu. - -* [1604] Fixed a memory leak in krb5_gss_init_sec_context(), and an - uninitialized memory reference in kg_unseal_v1(). Thanks to Kent - Wu. - -* [1607] kerberos-iv SRV records are now documented. - -* [1610] Fixed AES credential delegation under GSSAPI. - -* [1618] ms2mit no longer inserts local addresses into tickets - converted from the MS ccache if they began as addressless tickets. - -* [1619] etype_info parser (once again) accepts extra field emitted by - Heimdal. - -* [1643] Some typos in kdc.conf.M have been fixed. - -* [1648] For consistency, leading spaces before preprocessor - directives in profile.h have been removed. - ---[ DELETE BEFORE RELEASE ---changes to unreleased code, etc.--- ]-- - -* [1054] KRB-CRED messages for RC4 are encrypted now. - -* [1177] krb5-1-2-2-branch merged onto trunk. - -* [1193] Punted comment about reworking key storage architecture. - -* [1208] install-headers target implemented. - -* [1223] asn1_decode_oid, asn1_encode_oid implemented - -* [1248] RC4 is explicitly excluded from combine_keys. - -* [1276] Generated dependencies handle --without-krb4 properly now. - -* [1339] An inadvertent change to the krb4 get_adm_hst API (strcpy vs - strncpy etc.) has been fixed. - -* [1384, 1413] Use of autoconf-2.52 in util/reconf will now cause a - warning. - -* [1388] DNS support is turned on in KfM. - -* [1391] Fix kadmind startup failure with krb4 vuln patch. - -* [1409] get_ad_tkt() now prompts for password if there are no tickets - (in KfM). - -* [1447] vts_long() and vts_short() work now. - -* [1462] KfM adds exports of set_pw calls. - -* [1477] compile_et output not used in err_txt.c. - -* [1495] KfM now exports string_to_key_with_params. - -* [1512, 1522] afs_string_to_key now works with etype_info2. - -* [1514] krb5int_populate_gic_opt returns void now. - -* [1521] Using an afs3 salt for an AES key no longer causes - segfaults. - -* [1533] krb524.h no longer contains invalid Mac pragmas. - -* [1546] krb_mk_req_creds() no longer zeros the session key. - -* [1554] The krb4 string-to-key iteration now accounts correctly for - the decrypt-in-place semantics of libdes425. - -* [1557] KerberosLoginPrivate.h is now correctly included for the use - of __KLAllowHomeDirectoryAccess() in init_os_ctx.c (for KfM). - -* [1558] KfM exports the new krb524 interface. - -* [1563] krb__get_srvtaname() no longer returns a pointer that is - free()d upon a subsequent call. - -* [1569] A debug statement has been removed from krb524init. - -* [1592] Document possible file rename lossage when building against - system libdb. - -* [1594] Darwin gets an explicit dependency of err_txt.o on - krb_err.c. - -* [1596] Calling conventions, etc. tweaked for KfW build of - krb524.dll. - -* [1600] Minor tweaks to README to improve notes on IPv6, etc. - -* [1605] Fixed a leak of subkeys in krb5_rd_rep(). - -* [1630] krb5_get_in_tkt_with_keytab() works now; previously borken by - reimplementation in terms of krb5_get_init_creds(). - -* [1642] KfM build now inherits CFLAGS and LDFLAGS from parent project. +* [2891] lib/kdb/keytab.c no longer accesses an uninitialized variable. Copyright Notice and Legal Administrivia ---------------------------------------- -Copyright (C) 1985-2004 by the Massachusetts Institute of Technology. +Copyright (C) 1985-2005 by the Massachusetts Institute of Technology. All rights reserved. @@ -1130,49 +659,64 @@ src/lib/crypto/aes has the following copyright: in respect of any properties, including, but not limited to, correctness and fitness for purpose. - - -Acknowledgements ----------------- +---- The implementation of the RPCSEC_GSS authentication flavor in +src/lib/rpc has the following copyright: + + Copyright (c) 2000 The Regents of the University of Michigan. + All rights reserved. + + Copyright (c) 2000 Dug Song <dugsong@UMICH.EDU>. + All rights reserved, all wrongs reversed. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. Neither the name of the University nor the names of its + contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +Acknowledgments +--------------- Appreciation Time!!!! There are far too many people to try to thank them all; many people have contributed to the development of Kerberos V5. This is only a partial listing.... -Thanks to Paul Vixie and the Internet Software Consortium for funding -the work of Barry Jaspan. This funding was invaluable for the OV -administration server integration, as well as the 1.0 release -preparation process. - -Thanks to John Linn, Scott Foote, and all of the folks at OpenVision -Technologies, Inc., who donated their administration server for use in -the MIT release of Kerberos. - -Thanks to Jeff Bigler, Mark Eichin, Marc Horowitz, Nancy Gilman, Ken -Raeburn, and all of the folks at Cygnus Support, who provided -innumerable bug fixes and portability enhancements to the Kerberos V5 -tree. Thanks especially to Jeff Bigler, for the new user and system -administrator's documentation. +Thanks to Kevin Coffman and the CITI group at the University of +Michigan for providing patches for implementing RPCSEC_GSS +authentication in the RPC library. -Thanks to Doug Engert from ANL for providing many bug fixes, as well -as testing to ensure DCE interoperability. +Thanks to Derrick Schommer for reporting multiple memory leaks. -Thanks to Ken Hornstein at NRL for providing many bug fixes and -suggestions, and for working on SAM preauthentication. +Thanks to Quanah Gibson-Mount of Stanford University for helping +exercise the thread support code. -Thanks to Matt Crawford at FNAL for bugfixes and enhancements. +Thanks to Michael Tautschnig for reporting the heap buffer overflow in +the password history mechanism. [MITKRB5-SA-2004-004] -Thanks to Sean Mullan and Bill Sommerfeld from Hewlett Packard for -their many suggestions and bug fixes. +Thanks to Wyllys Ingersoll for finding a buffer-size problem in the +RPCSEC_GSS implementation. -Thanks to Nalin Dahyabhai of RedHat and Chris Evans for locating and -providing patches for numerous buffer overruns. - -Thanks to Christopher Thompson and Marcus Watts for discovering the -ftpd security bug. - -Thanks to Paul Nelson of Thursby Software Systems for implementing the -Microsoft set password protocol. +Thanks to iDEFENSE for bringing to our attention the vulnerabilities +in the telnet client. [MITKRB5-SA-2005-001] Thanks to the members of the Kerberos V5 development team at MIT, both past and present: Danilo Almeida, Jeffrey Altman, Jay Berkenbilt, @@ -1183,3 +727,10 @@ Peter Litwack, Scott McGuire, Kevin Mitchell, Cliff Neuman, Paul Park, Ezra Peisach, Chris Provenzano, Ken Raeburn, Jon Rochlis, Jeff Schiller, Jen Selby, Brad Thompson, Harry Tsai, Ted Ts'o, Marshall Vale, Tom Yu. + +Very special thanks go to Marshall Vale, our departing team leader. +Over the past few years, Marshall has been extremely valuable to us as +mentor, advisor, manager, and friend. Marshall's devotion as a +champion of Kerberos has helped our team immensely through many trials +and hardships. We will miss him tremendously, and we wish him the +best in his future endeavors. |