1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
|
Kerberos Version 5, Release 1.6.1
Release Notes
The MIT Kerberos Team
Unpacking the Source Distribution
---------------------------------
The source distribution of Kerberos 5 comes in a gzipped tarfile,
krb5-1.6.1.tar.gz. Instructions on how to extract the entire
distribution follow.
If you have the GNU tar program and gzip installed, you can simply do:
gtar zxpf krb5-1.6.1.tar.gz
If you don't have GNU tar, you will need to get the FSF gzip
distribution and use gzcat:
gzcat krb5-1.6.1.tar.gz | tar xpf -
Both of these methods will extract the sources into krb5-1.6.1/src and
the documentation into krb5-1.6.1/doc.
Building and Installing Kerberos 5
----------------------------------
The first file you should look at is doc/install-guide.ps; it contains
the notes for building and installing Kerberos 5. The info file
krb5-install.info has the same information in info file format. You
can view this using the GNU emacs info-mode, or by using the
standalone info file viewer from the Free Software Foundation. This
is also available as an HTML file, install.html.
Other good files to look at are admin-guide.ps and user-guide.ps,
which contain the system administrator's guide, and the user's guide,
respectively. They are also available as info files
kerberos-admin.info and krb5-user.info, respectively. These files are
also available as HTML files.
If you are attempting to build under Windows, please see the
src/windows/README file.
Reporting Bugs
--------------
Please report any problems/bugs/comments using the krb5-send-pr
program. The krb5-send-pr program will be installed in the sbin
directory once you have successfully compiled and installed Kerberos
V5 (or if you have installed one of our binary distributions).
If you are not able to use krb5-send-pr because you haven't been able
compile and install Kerberos V5 on any platform, you may send mail to
krb5-bugs@mit.edu.
You may view bug reports by visiting
http://krbdev.mit.edu/rt/
and logging in as "guest" with password "guest".
Major changes in krb5-1.6.1
---------------------------
[5508] Fix MITKRB5-SA-2007-001: telnetd allows login as arbitrary user
[CVE-2007-0956, VU#220816]
[5507] Fix MITKRB5-SA-2007-002: buffer overflow in krb5_klog_syslog
[CVE-2007-0957, VU#704024]
[5445] Fix MITKRB5-SA-2007-003: double-free in kadmind - the RPC
library could perform a double-free due to a GSS-API library
bug [CVE-2007-1216, VU#419344]
[5293] fix crash creating db2 database in non-existent directory
krb5-1.6.1 changes by ticket ID
-------------------------------
Listed below are the RT tickets of bugs fixed in krb5-1.6.1. Please see
http://krbdev.mit.edu/rt/NoAuth/krb5-1.6/fixed-1.6.1.html
for a current listing with links to the complete tickets.
2724 kdc.conf man page typo in v4_mode section
5233 Change in behaviour in gss_release_buffer() by mechtypes
introduces memory leak
5238 fix leak in gss_krb5int_unseal_token_v3
5246 Memory leak in tests/gssapi/t_imp_name.c
5257 error on gethostbyname is tested on errno instead of h_errno
5293 crash creating db2 database in non-existent directory
5294 create KDC database directory
5343 updated Windows README
5344 Update to KFW NSIS installer
5349 Proposed implementation of krb5_server_decrypt_ticket_keyblock
and krb5_server_decrypt_ticket_keytab
5353 kfw wix installer - memory overwrite error
5393 krb5-1.6: tcp kpasswd service required if only admin_server is
specified in krb5.conf
5394 krb5-1.6: segfault on password change
5396 Master ticket for NetIdMgr 1.2 commits
5397 NIM string tables
5398 NIM Kerberos v4 configuration dialog
5399 NIM Correct Visual Identity Expiration Status
5400 NIM Kerberos 5 Provider corrections
5403 Add KDC timesyncing support to the CCAPI ccache backend
5408 NIM - Context sensitive system tray menu and more
5409 KFW MSI installer corrections
5410 kt_file.c memory leak on error in krb5_kt_resolve /
krb5_kt_wresolve
5414 NIM Bug Fixes
5418 KFW: 32-bit builds use the pismere krbv4w32.dll library
5419 Microsoft Windows Visual Studio does not define ssize_t
5420 get_init_creds_opt extensibility
5437 hack to permit GetEnvironmentVariable usage without requiring
getenv() conversion
5445 gsstest doesn't like krb5-1.6 GSSAPI library
[also MITKRB5-SA-2007-003]
5446 KfW 3.1: stderr of kinit/klist/kdestroy cannot be re-directed
to file
5447 tail portability bug in k5srvutil
5452 NIM Improved Alert Management
5453 Windows - some apps define ssize_t as a preprocessor symbol
5454 krb5_get_cred_from_kdc fails to null terminate the tgt list
5455 valgrind detects uninitialized (but really unused) bytes in
'queue'
5457 More existence tests; path update
5458 osf1: get proper library dependencies installed
5461 reverting commit to windows WIX installer (revision 19207)
5469 KFW: Vista Integrated Logon
5476 Zero sockaddrs in fai_add_entry() so we can compare them with
memcmp()
5477 Enable Vista support for MSLSA
5478 NIM: New Default View and miscellaneous fixes
5480 krb5 library uses kdc.conf when it shouldn't
5490 KfW build automation
5491 WIX installer stores WinLogon event handler under wrong
registry value
5492 remove unwanted files from kfw build script
5493 KFW: problems with non-interactive logons
5495 NIM commits for KFW 3.2 Beta 1
5496 more bug fixes for NIM 1.2 (KFW 3.2)
5503 msi deployment guide updates for KFW 3.2
5504 Network Identity Manager 1.2 User Manual
5505 More commits for NIM 1.2 Beta 1
5507 MITKRB5-SA-2007-002: buffer overflow in krb5_klog_syslog
5508 MITKRB5-SA-2007-001: telnetd allows login as arbitrary user
5509 service location plugin returning no addresses handled
incorrectly
5510 krb5int_open_plugin_dirs errors out if directory does not
exist
5514 wix installer - modify file list
5515 KFW NSIS installer - copyright updates and aklog removal
5516 NIM 1.2.0.1 corrections
5518 EAI_NODATA deprecated, not always defined
5521 KfW build system (post kfw-3.2-beta1)
5522 NIM 3.2 documentation update
5523 KFW 3.2 Beta 2 commits
5524 NIM doxyfile.cfg - update to Doxygen 1.5.2
5525 NIM 1.2 HtmlHelp User Documentation
5526 NIM - Fix taskbar button visibility on Vista
5527 kfw build - include netidmgr_userdoc.pdf in zip file
5528 Add vertical scrollbars to realm fields in dialogs
5529 Missing version resource info on krb5 files
5530 KFW 3.2.0.7002 about dialogue will not respond to alt-f4
5532 KFW Network Provider Improvements
5533 updates for NIM developer documentation
5534 kfwlogon corrections for XP
5535 More NIM Developer documentation updates
5537 only check current dir for a.tmp
5539 add option to export instead of checkout, etc.
Major changes in krb5-1.6
-------------------------
* Partial client implementation to handle server name referrals.
* Pre-authentication plug-in framework, donated by Red Hat.
* LDAP KDB plug-in, donated by Novell.
* Fix for MITKRB5-SA-2006-002: the RPC library could call an
uninitialized function pointer, which created a security
vulnerability for kadmind.
* Fix for MITKRB5-SA-2006-003: the GSS-API mechglue layer could fail
to initialize some output pointers, causing callers to attempt to
free uninitialized pointers. This caused a security vulnerability
in kadmind.
Note that the implementation of referral handling involves a change to
the behavior of krb5_sname_to_principal() to return a zero-length
realm name if it is unable to find the realm corresponding to the
hostname. This special realm name signals the ticket-acquisition code
to request KDC canonicalization of service principal names. Other
library code has changed to accommodate this new behavior. This
particular method of implementing service principal name referral
handling may change in the future; we invite discussion on this
subject.
Major known bugs in krb5-1.6
----------------------------
5293 crash creating db2 database in non-existent directory
Attempting to create a KDB in a non-existent directory using the
Berkeley DB back end may cause a crash resulting from a null pointer
dereference. If a core dump occurs, this may cause a local exposure
of sensitive information such a master key password. This will be
fixed in an upcoming patch release.
krb5-1.6 changes by ticket ID
-----------------------------
Listed below are the RT tickets of bugs fixed in krb5-1.6. Please see
http://krbdev.mit.edu/rt/NoAuth/krb5-1.6/fixed-1.6.html
for a current listing with links to the complete tickets.
1204 Unable to get a TGT cross-realm referral
2087 undocumented options for kpropd
2240 krb5-config --cflags gssapi when used by OpenSSH-snap-20040212
2579 kdc: add_to_transited may reference off end of array...
2652 Add support for referrals
2876 Tree does not compile with GCC 4.0
2935 KDB/LDAP backend
3089 krb5_verify_init_creds() is not thread safe
3091 add krb5_cc_new_unique()
3218 kdb5_util load requires that the dumpfile be writable.
3276 local array of structures not declared static
3288 NetIdMgr cannot obtain Kerberos 5 tickets containing addresses
3322 get_cred_via_tkt() checks too strict on server principal
3522 Error code definitions are outside macros to prevent multiple
inclusion in public headers
3642 changes for embedding manifest into dlls and exes
3735 Add TCP change/set password support
3947 allow multiple calls to krb5_get_error_message to retrieve message
3955 check calling conventions specified for Windows
3961 fix stdcc.c to build without USE_CCAPI_V3
4021 use GSS_C_NO_CHANNEL_BINDINGS not NULL in lib/rpc/auth_gss.c
4023 Turn off KLL automatic prompting support in kadmin
4024 gss_acquire_cred auto prompt support shouldn't break
gss_krb5_ccache_name()
4025 need to look harder for tclConfig.sh
4055 remove unused Metrowerks support from yarrow
4056 g_canon_name.c if-statement warning cleanup
4057 GSSAPI opaque types should be pointers to opaque structs, not void*
4256 Make process error
4292 LDAP error prevents KfM 6.0 from building on Tiger
4294 Bad loop logic in krb5_mcc_generate_new
4304 audit referrals merge (R18598)
4327 doc/krb5-protocol out of date
4389 cursor for iterating over ccaches
4412 Don't segfault if a preauth plugin module fails to load
4453 krb5-1.6-pre: fix warnings/ improve 64bit compatibility in the
ldap plugin
4454 krb5-1.6-pre: kdb5_ldap_util stashsrvpw does not work
4455 IRIX build fails w/ GCC 4.0 (really GNU ld)
4482 enabling LDAP mix-in support for kdb5_util load
4488 osf1 -oldstyle_liblookup typo
4495 Avoid segfault in krb5_do_preauth_tryagain
4496 fix invalid access found by valgrind
4501 fix krb5_ldap_iterate to handle NULL match_expr and
open_db_and_mkey to use KRB5_KDB_SRV_TYPE_ADMIN
4534 don't confuse profile iterator in 425 princ conversion
4561 UC Berkeley BSD license change
4562 latest Novell ldap patches and kdb5_util dump support for ldap
4566 leaks in preauth plugin support
4567 KDC can crash for certain client requests when preauth plugins
are used
4587 Change preauth plugin context scope and lifetimes
4624 remove t_prf and t_prf.o on make clean
4625 Make clean in lib/kdb leaves error table files
4657 krb5.h not C++-safe due to "struct krb5_cccol_cursor"
4683 Remove obsolete/conflicting prototype for krb524_convert_princs
4688 Add public function to get keylength associated with an enctype
4689 Update minor version numbers for 1.6
4690 Add "get_data" function to the client preauth plugin interface
4692 Document changing the krbtgt key
4693 Delay kadmind random number initialization until after fork
4735 more Novell ldap patches from Nov 6 and Fix for wrong password
policy reference count
4737 correct client preauth plugin request_context
4738 allow server preauth plugin verify_padata function to return e-data
4739 cccursor backend for CCAPI
4755 update copyrights and acknowledgments
4770 Add macros for __attribute__((deprecated)) for krb4 and des APIs
4771 LDAP patch from Novell, 2006-10-13
4772 fix some warnings in ldap code
4773 fix warning in preauth_plugin.h header
4774 avoid double frees in ccache manipulation around gen_new
4775 include realm in "can't resolve KDC" error message
4784 krb5_stdccv3_generate_new returns NULL ccache
4788 ccache double free in krb5_fcc_read_addrs().
4799 krb5_c_keylength -> krb5_c_keylengths; add krb5_c_random_to_key
4805 replace existing calls of cc_gen_new()
4841 free error message when freeing context
4846 clean up preauth2 salt debug code
4860 fix LDAP plugin Makefile.in lib frag substitutions
4928 krb5int_copy_data_contents shouldn't free memory it didn't allocate
4941 referrals changes to telnet have unconditional debugging printfs
4942 skip all modules in plugin if init function fails
4955 Referrals code breaks krb5_set_password_using_ccache to Active
Directory
4967 referrals support assumes all rewrites produce TGS principals
4972 return edata from non-PA_REQUIRED preauth types
4973 send a new request with the new padata returned by
krb5_do_preauth_tryagain()
4980 Remove unused prototype for krb5_find_config_files
4981 Make clean in lib/krb5/os does not clean test objs
4991 fix for kdb5_util load bug with dumps from a LDAP KDB
4994 minor update to kdb5_util man page for LDAP plugin
5003 krb5_cc_remove should work for the CCAPI
5005 Reading maxlife, maxrenewlife and ticket flags from conf file
in LDAP plugin
5009 kadmin.local with LDAP backend fails to start when master key
enctype is not default enctype
5022 build the trunk on Windows (again)
5027 admin guide changes for the LDAP backend
5032 Don't leak padata when looping for krb5_do_preauth_tryagain()
5090 krb5_get_init_creds_opt_set_change_password_prompt
5115 krb5_rc_io_open_internal on error will call close(-1)
5116 minor ldap specific changes in man page
5121 keytab code can't match principals with realms not yet determined
5123 don't pass null pointer to krb5_do_preauth_tryagain()
5124 use KRB5KRB_ERR_GENERIC, not KRB_ERR_GENERIC in preauth2.c
5125 Add -clearpolicy to kadmin addprinc usage
5152 misc cleanups in admin guide ldap sections
5159 don't split HTML output from makeinfo
5223 Fix typo in user-guide.texinfo
5245 Repair broken links in NetIdMgr Help
5260 Deletion of principal fails
5265 update ldap/Makefile.in for newer autoconf substitution requirements
5271 Document KDC behavior without stash file
5279 Document what the kadmind ACL is for
5301 MITKRB5-SA-2006-002: svctcp_destroy() can call uninitialized function pointer
5302 MITKRB5-SA-2006-003: mechglue argument handling too lax
Copyright and Other Legal Notices
---------------------------------
Copyright (C) 1985-2007 by the Massachusetts Institute of Technology.
All rights reserved.
Export of this software from the United States of America may require
a specific license from the United States Government. It is the
responsibility of any person or organization contemplating export to
obtain such a license before exporting.
WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
distribute this software and its documentation for any purpose and
without fee is hereby granted, provided that the above copyright
notice appear in all copies and that both that copyright notice and
this permission notice appear in supporting documentation, and that
the name of M.I.T. not be used in advertising or publicity pertaining
to distribution of the software without specific, written prior
permission. Furthermore if you modify this software you must label
your software as modified software and not distribute it in such a
fashion that it might be confused with the original MIT software.
M.I.T. makes no representations about the suitability of this software
for any purpose. It is provided "as is" without express or implied
warranty.
THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
Individual source code files are copyright MIT, Cygnus Support,
Novell, OpenVision Technologies, Oracle, Red Hat, Sun Microsystems,
FundsXpress, and others.
Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
and Zephyr are trademarks of the Massachusetts Institute of Technology
(MIT). No commercial use of these trademarks may be made without
prior written permission of MIT.
"Commercial use" means use of a name in a product or other for-profit
manner. It does NOT prevent a commercial firm from referring to the
MIT trademarks in order to convey information (although in doing so,
recognition of their trademark status should be given).
--------------------
Portions of src/lib/crypto have the following copyright:
Copyright (C) 1998 by the FundsXpress, INC.
All rights reserved.
Export of this software from the United States of America may require
a specific license from the United States Government. It is the
responsibility of any person or organization contemplating export to
obtain such a license before exporting.
WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
distribute this software and its documentation for any purpose and
without fee is hereby granted, provided that the above copyright
notice appear in all copies and that both that copyright notice and
this permission notice appear in supporting documentation, and that
the name of FundsXpress. not be used in advertising or publicity pertaining
to distribution of the software without specific, written prior
permission. FundsXpress makes no representations about the suitability of
this software for any purpose. It is provided "as is" without express
or implied warranty.
THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
--------------------
The following copyright and permission notice applies to the
OpenVision Kerberos Administration system located in kadmin/create,
kadmin/dbutil, kadmin/passwd, kadmin/server, lib/kadm5, and portions
of lib/rpc:
Copyright, OpenVision Technologies, Inc., 1996, All Rights Reserved
WARNING: Retrieving the OpenVision Kerberos Administration system
source code, as described below, indicates your acceptance of the
following terms. If you do not agree to the following terms, do not
retrieve the OpenVision Kerberos administration system.
You may freely use and distribute the Source Code and Object Code
compiled from it, with or without modification, but this Source
Code is provided to you "AS IS" EXCLUSIVE OF ANY WARRANTY,
INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE, OR ANY OTHER WARRANTY, WHETHER
EXPRESS OR IMPLIED. IN NO EVENT WILL OPENVISION HAVE ANY LIABILITY
FOR ANY LOST PROFITS, LOSS OF DATA OR COSTS OF PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR
CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, INCLUDING,
WITHOUT LIMITATION, THOSE RESULTING FROM THE USE OF THE SOURCE
CODE, OR THE FAILURE OF THE SOURCE CODE TO PERFORM, OR FOR ANY
OTHER REASON.
OpenVision retains all copyrights in the donated Source Code. OpenVision
also retains copyright to derivative works of the Source Code, whether
created by OpenVision or by a third party. The OpenVision copyright
notice must be preserved if derivative works are made based on the
donated Source Code.
OpenVision Technologies, Inc. has donated this Kerberos
Administration system to MIT for inclusion in the standard
Kerberos 5 distribution. This donation underscores our
commitment to continuing Kerberos technology development
and our gratitude for the valuable work which has been
performed by MIT and the Kerberos community.
--------------------
Portions contributed by Matt Crawford <crawdad@fnal.gov> were
work performed at Fermi National Accelerator Laboratory, which is
operated by Universities Research Association, Inc., under
contract DE-AC02-76CHO3000 with the U.S. Department of Energy.
--------------------
The implementation of the Yarrow pseudo-random number generator in
src/lib/crypto/yarrow has the following copyright:
Copyright 2000 by Zero-Knowledge Systems, Inc.
Permission to use, copy, modify, distribute, and sell this software
and its documentation for any purpose is hereby granted without fee,
provided that the above copyright notice appear in all copies and that
both that copyright notice and this permission notice appear in
supporting documentation, and that the name of Zero-Knowledge Systems,
Inc. not be used in advertising or publicity pertaining to
distribution of the software without specific, written prior
permission. Zero-Knowledge Systems, Inc. makes no representations
about the suitability of this software for any purpose. It is
provided "as is" without express or implied warranty.
ZERO-KNOWLEDGE SYSTEMS, INC. DISCLAIMS ALL WARRANTIES WITH REGARD TO
THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS, IN NO EVENT SHALL ZERO-KNOWLEDGE SYSTEMS, INC. BE LIABLE FOR
ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTUOUS ACTION, ARISING OUT
OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
--------------------
The implementation of the AES encryption algorithm in
src/lib/crypto/aes has the following copyright:
Copyright (c) 2001, Dr Brian Gladman <brg@gladman.uk.net>, Worcester, UK.
All rights reserved.
LICENSE TERMS
The free distribution and use of this software in both source and binary
form is allowed (with or without changes) provided that:
1. distributions of this source code include the above copyright
notice, this list of conditions and the following disclaimer;
2. distributions in binary form include the above copyright
notice, this list of conditions and the following disclaimer
in the documentation and/or other associated materials;
3. the copyright holder's name is not used to endorse products
built using this software without specific written permission.
DISCLAIMER
This software is provided 'as is' with no explcit or implied warranties
in respect of any properties, including, but not limited to, correctness
and fitness for purpose.
--------------------
Portions contributed by Red Hat, including the pre-authentication
plug-ins framework, contain the following copyright:
Copyright (c) 2006 Red Hat, Inc.
Portions copyright (c) 2006 Massachusetts Institute of Technology
All Rights Reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following
disclaimer in the documentation and/or other materials provided
with the distribution.
* Neither the name of Red Hat, Inc., nor the names of its
contributors may be used to endorse or promote products derived
from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--------------------
The implementations of GSSAPI mechglue in GSSAPI-SPNEGO in
src/lib/gssapi, including the following files:
lib/gssapi/generic/gssapi_err_generic.et
lib/gssapi/mechglue/g_accept_sec_context.c
lib/gssapi/mechglue/g_acquire_cred.c
lib/gssapi/mechglue/g_canon_name.c
lib/gssapi/mechglue/g_compare_name.c
lib/gssapi/mechglue/g_context_time.c
lib/gssapi/mechglue/g_delete_sec_context.c
lib/gssapi/mechglue/g_dsp_name.c
lib/gssapi/mechglue/g_dsp_status.c
lib/gssapi/mechglue/g_dup_name.c
lib/gssapi/mechglue/g_exp_sec_context.c
lib/gssapi/mechglue/g_export_name.c
lib/gssapi/mechglue/g_glue.c
lib/gssapi/mechglue/g_imp_name.c
lib/gssapi/mechglue/g_imp_sec_context.c
lib/gssapi/mechglue/g_init_sec_context.c
lib/gssapi/mechglue/g_initialize.c
lib/gssapi/mechglue/g_inquire_context.c
lib/gssapi/mechglue/g_inquire_cred.c
lib/gssapi/mechglue/g_inquire_names.c
lib/gssapi/mechglue/g_process_context.c
lib/gssapi/mechglue/g_rel_buffer.c
lib/gssapi/mechglue/g_rel_cred.c
lib/gssapi/mechglue/g_rel_name.c
lib/gssapi/mechglue/g_rel_oid_set.c
lib/gssapi/mechglue/g_seal.c
lib/gssapi/mechglue/g_sign.c
lib/gssapi/mechglue/g_store_cred.c
lib/gssapi/mechglue/g_unseal.c
lib/gssapi/mechglue/g_userok.c
lib/gssapi/mechglue/g_utils.c
lib/gssapi/mechglue/g_verify.c
lib/gssapi/mechglue/gssd_pname_to_uid.c
lib/gssapi/mechglue/mglueP.h
lib/gssapi/mechglue/oid_ops.c
lib/gssapi/spnego/gssapiP_spnego.h
lib/gssapi/spnego/spnego_mech.c
are subject to the following license:
Copyright (c) 2004 Sun Microsystems, Inc.
Permission is hereby granted, free of charge, to any person obtaining a
copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be included
in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
--------------------
MIT Kerberos includes documentation and software developed at the
University of California at Berkeley, which includes this copyright
notice:
Copyright (C) 1983 Regents of the University of California.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following
disclaimer in the documentation and/or other materials provided
with the distribution.
3. Neither the name of the University nor the names of its
contributors may be used to endorse or promote products derived
from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
--------------------
Portions contributed by Novell, Inc., including the LDAP database
backend, are subject to the following license:
Copyright (c) 2004-2005, Novell, Inc.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
* The copyright holder's name is not used to endorse or promote products
derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
Acknowledgments
---------------
Thanks to Red Hat for donating the pre-authentication plug-in
framework.
Thanks to Novell for donating the KDB abstraction layer and the LDAP
database plug-in.
Thanks to Sun Microsystems for donating their implementations of
mechglue and SPNEGO.
Thanks to iDefense for notifying us about the vulnerability in
MITKRB5-SA-2007-002.
Thanks to the members of the Kerberos V5 development team at MIT, both
past and present: Danilo Almeida, Jeffrey Altman, Justin Anderson,
Richard Basch, Jay Berkenbilt, Mitch Berger, Andrew Boardman, Joe
Calzaretta, John Carr, Don Davis, Alexandra Ellwood, Nancy Gilman,
Matt Hancher, Sam Hartman, Paul Hill, Marc Horowitz, Eva Jacobus,
Miroslav Jurisic, Barry Jaspan, Geoffrey King, Kevin Koch, John Kohl,
Peter Litwack, Scott McGuire, Kevin Mitchell, Cliff Neuman, Paul Park,
Ezra Peisach, Chris Provenzano, Ken Raeburn, Jon Rochlis, Jeff
Schiller, Jen Selby, Brad Thompson, Harry Tsai, Ted Ts'o, Marshall
Vale, Tom Yu.
|
