1 Changes in release 0.3f
3 * change default keytab to ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab,
4 the new keytab type that tries both of these in order (SRVTAB is
5 also an alias for krb4:)
7 * improve error reporting and error handling (error messages should
8 be more detailed and more useful)
10 * improve building with openssl
12 * add kadmin -K, rcp -F
14 * fix two incorrect weak DES keys
16 * fix building of kaserver compat in KDC
18 * the API is closer to what MIT krb5 is using
20 * more compatible with windows 2000
22 * removed some memory leaks
26 Changes in release 0.3e
28 * rcp program included
30 * fix buffer overrun in ftpd
32 * handle omitted sequence numbers as zeroes to handle MIT krb5 that
33 cannot generate zero sequence numbers
35 * handle v4 /.k files better
37 * configure/portability fixes
39 * fixes in parsing of options to kadmin (sub-)commands
41 * handle errors in kadmin load better
45 Changes in release 0.3d
49 * fix a bug in 3des gss-api mechanism, making it compatible with the
50 specification and the MIT implementation
52 * make telnetd only allow a specific list of environment variables to
53 stop it from setting `sensitive' variables
55 * try to use an existing libdes
57 * lib/krb5, kdc: use correct usage type for ap-req messages. This
58 should improve compatability with MIT krb5 when using 3DES
61 * kdc: fix memory allocation problem
63 * update config.guess and config.sub
65 * lib/roken: more stuff implemented
67 * bug fixes and portability enhancements
69 Changes in release 0.3c
71 * lib/krb5: memory caches now support the resolve operation
73 * appl/login: set PATH to some sane default
75 * kadmind: handle several realms
77 * bug fixes (including memory leaks)
79 Changes in release 0.3b
81 * kdc: prefer default-salted keys on v5 requests
83 * kdc: lowercase hostnames in v4 mode
85 * hprop: handle more types of MIT salts
87 * lib/krb5: fix memory leak
91 Changes in release 0.3a:
93 * implement arcfour-hmac-md5 to interoperate with W2K
95 * modularise the handling of the master key, and allow for other
96 encryption types. This makes it easier to import a database from
97 some other source without having to re-encrypt all keys.
99 * allow for better control over which encryption types are created
101 * make kinit fallback to v4 if given a v4 KDC
103 * make klist work better with v4 and v5, and add some more MIT
104 compatibility options
106 * make the kdc listen on the krb524 (4444) port for compatibility
107 with MIT krb5 clients
109 * implement more DCE/DFS support, enabled with --enable-dce, see
110 lib/kdfs and appl/dceutils
112 * make the sequence numbers work correctly
116 Changes in release 0.2t:
120 Changes in release 0.2s:
122 * add OpenLDAP support in hdb
124 * login will get v4 tickets when it receives forwarded tickets
126 * xnlock supports both v5 and v4
128 * repair source routing for telnet
130 * fix building problems with krb4 (krb_mk_req)
134 Changes in release 0.2r:
136 * fix realloc memory corruption bug in kdc
138 * `add --key' and `cpw --key' in kadmin
140 * klist supports listing v4 tickets
142 * update config.guess and config.sub
144 * make v4 -> v5 principal name conversion more robust
146 * support for anonymous tickets
150 * telnetd: do not negotiate KERBEROS5 authentication if there's no keytab.
152 * use and set expiration and not password expiration when dumping
153 to/from ka server databases / krb4 databases
155 * make the code happier with 64-bit time_t
157 * follow RFC2782 and by default do not look for non-underscore SRV names
159 Changes in release 0.2q:
161 * bug fix in tcp-handling in kdc
163 * bug fix in expand_hostname
165 Changes in release 0.2p:
167 * bug fix in `kadmin load/merge'
169 * bug fix in krb5_parse_address
171 Changes in release 0.2o:
173 * gss_{import,export}_sec_context added to libgssapi
175 * new option --addresses to kdc (for listening on an explicit set of
178 * bug fixes in the krb4 and kaserver emulation part of the kdc
182 Changes in release 0.2n:
184 * more robust parsing of dump files in kadmin
185 * changed default timestamp format for log messages to extended ISO
186 8601 format (Y-M-DTH:M:S)
187 * changed md4/md5/sha1 APIes to be de-facto `standard'
188 * always make hostname into lower-case before creating principal
189 * small bits of more MIT-compatability
192 Changes in release 0.2m:
194 * handle glibc's getaddrinfo() that returns several ai_canonname
200 Changes in release 0.2l:
204 Changes in release 0.2k:
208 * make struct sockaddr_storage in roken work better on alphas
210 * some missing [hn]to[hn]s fixed.
212 * allow users to change their own passwords with kadmin (with initial
215 * fix stupid bug in parsing KDC specification
217 * add `ktutil change' and `ktutil purge'
219 Changes in release 0.2j:
223 * ftpd works in passive mode
225 * should build on cygwin
227 * work around broken IPv6-code on OpenBSD 2.6, also add configure
228 option --disable-ipv6
230 Changes in release 0.2i:
232 * use getaddrinfo in the missing places.
234 * fix SRV lookup for admin server
236 * use get{addr,name}info everywhere. and implement it in terms of
237 getipnodeby{name,addr} (which uses gethostbyname{,2} and
240 Changes in release 0.2h:
242 * fix typo in kx (now compiles)
244 Changes in release 0.2g:
248 * repair appl/test programs
249 * sockaddr_storage works on solaris (alignment issues)
250 * works better with non-roken getaddrinfo
252 * some non standard C constructs removed
254 Changes in release 0.2f:
256 * support SRV records for kpasswd
257 * look for both _kerberos and krb5-realm when doing host -> realm mapping
259 Changes in release 0.2e:
261 * changed copyright notices to remove `advertising'-clause.
262 * get{addr,name}info added to roken and used in the other code
263 (this makes things work much better with hosts with both v4 and v6
264 addresses, among other things)
265 * do pre-auth for both password and key-based get_in_tkt
266 * support for having several databases
267 * new command `del_enctype' in kadmin
268 * strptime (and new strftime) add to roken
269 * more paranoia about finding libdb
272 Changes in release 0.2d:
274 * new configuration option [libdefaults]default_etypes_des
275 * internal ls in ftpd builds without KRB4
276 * kx/rsh/push/pop_debug tries v5 and v4 consistenly
280 Changes in release 0.2c:
282 * bug fixes (see ChangeLog's for details)
284 Changes in release 0.2b:
287 * actually bump shared library versions
289 Changes in release 0.2a:
291 * a new program verify_krb5_conf for checking your /etc/krb5.conf
292 * add 3DES keys when changing password
293 * support null keys in database
294 * support multiple local realms
295 * implement a keytab backend for AFS KeyFile's
296 * implement a keytab backend for v4 srvtabs
297 * implement `ktutil copy'
298 * support password quality control in v4 kadmind
299 * improvements in v4 compat kadmind
300 * handle the case of having the correct cred in the ccache but with
301 the wrong encryption type better
302 * v6-ify the remaining programs.
303 * internal ls in ftpd
304 * rename strcpy_truncate/strcat_truncate to strlcpy/strlcat
305 * add `ank --random-password' and `cpw --random-password' in kadmin
306 * some programs and documentation for trying to talk to a W2K KDC
309 Changes in release 0.1m:
311 * support for getting default from krb5.conf for kinit/kf/rsh/telnet.
312 From Miroslav Ruda <ruda@ics.muni.cz>
313 * v6-ify hprop and hpropd
314 * support numeric addresses in krb5_mk_req
315 * shadow support in login and su. From Miroslav Ruda <ruda@ics.muni.cz>
316 * make rsh/rshd IPv6-aware
317 * make the gssapi sample applications better at reporting errors
319 * handle systems with v6-aware libc and non-v6 kernels (like Linux
320 with glibc 2.1) better
321 * hide failure of ERPT in ftp
324 Changes in release 0.1l:
326 * make ftp and ftpd IPv6-aware
327 * add inet_pton to roken
328 * more IPv6-awareness
329 * make mini_inetd v6 aware
331 Changes in release 0.1k:
333 * bump shared libraries versions
334 * add roken version of inet_ntop
335 * merge more changes to rshd
337 Changes in release 0.1j:
339 * restore back to the `old' 3DES code. This was supposed to be done
340 in 0.1h and 0.1i but I did a CVS screw-up.
341 * make telnetd handle v6 connections
343 Changes in release 0.1i:
345 * start using `struct sockaddr_storage' which simplifies the code
346 (with a fallback definition if it's not defined)
347 * bug fixes (including in hprop and kf)
348 * don't use mawk which seems to mishandle roken.awk
349 * get_addrs should be able to handle v6 addresses on Linux (with the
350 required patch to the Linux kernel -- ask within)
351 * rshd builds with shadow passwords
353 Changes in release 0.1h:
355 * kf: new program for forwarding credentials
357 * make forwarding credentials work with MIT code
358 * better conversion of ka database
359 * add etc/services.append
360 * correct `modified by' from kpasswdd
363 Changes in release 0.1g:
365 * kgetcred: new program for explicitly obtaining tickets
370 Changes in release 0.1f;
372 * experimental support for v4 kadmin protokoll in kadmind
375 Changes in release 0.1e:
377 * try to handle old DCE and MIT kdcs
378 * support for older versions of credential cache files and keytabs
379 * postdated tickets work
380 * support for password quality checks in kpasswdd
381 * new flag --enable-kaserver for kdc
383 * prototype su program
384 * updated (some) manpages
385 * support for KDC resource records
386 * should build with --without-krb4
389 Changes in release 0.1d:
391 * Support building with DB2 (uses 1.85-compat API)
392 * Support krb5-realm.DOMAIN in DNS
393 * new `ktutil srvcreate'
394 * v4/kafs support in klist/kdestroy
397 Changes in release 0.1c:
399 * fix ASN.1 encoding of signed integers
400 * somewhat working `ktutil get'
401 * some documentation updates
402 * update to Autoconf 2.13 and Automake 1.4
403 * the usual bug fixes
405 Changes in release 0.1b:
407 * some old -> new crypto conversion utils
410 Changes in release 0.1a:
414 * make sure we ask for DES keys in gssapi
415 * support signed ints in ASN1
418 Changes in release 0.0u:
422 Changes in release 0.0t:
424 * more robust parsing of krb5.conf
425 * include net{read,write} in lib/roken
428 Changes in release 0.0s:
430 * kludges for parsing options to rsh
431 * more robust parsing of krb5.conf
432 * removed some arbitrary limits
435 Changes in release 0.0r:
437 * default options for some programs
440 Changes in release 0.0q:
442 * support for building shared libraries with libtool
445 Changes in release 0.0p:
447 * keytab moved to /etc/krb5.keytab
448 * avoid false detection of IPv6 on Linux
449 * Lots of more functionality in the gssapi-library
450 * hprop can now read ka-server databases
453 Changes in release 0.0o:
455 * FTP with GSSAPI support.
458 Changes in release 0.0n:
460 * Incremental database propagation.
461 * Somewhat improved kadmin ui; the stuff in admin is now removed.
462 * Some support for using enctypes instead of keytypes.
463 * Lots of other improvement and bug fixes, see ChangeLog for details.