1 Shishi NEWS -- History of user-visible changes. -*- outline -*-
2 Copyright (C) 2002, 2003 Simon Josefsson
3 See the end for copying conditions.
5 * Version 0.0.6 (unreleased)
7 ** Proxiable, proxy, forwardable and forwarded tickets supported.
8 See the User Manual for discussion and examples.
10 ** Man pages for all public functions are included.
12 ** Installed versions of Libgcrypt and libtasn1 used where possible.
13 Shishi need Libgcrypt 1.1.44 or later, and libtasn1 0.2.5 or later.
14 If a usable version is not found, the internal Nettle (crypto/) and/or
15 libminitasn1 (asn1/) libraries are used instead.
17 ** It is possible to enable and disable part of the system at compile time.
18 The --disable-des, --disable-3des, --disable-aes, --disable-md,
19 --disable-null, --enable-arcfour.
21 ** The internal crypto interface now fully modularized.
22 If you wish to add support for a new low-level cryptographic library,
23 to, e.g., utilize specialized hardware, it is now easy to do so. Two
24 wrappers for Nettle (lib/nettle.c) and Libgcrypt (lib/libgcrypt.c) are
27 ** Logging destination for warnings and informational message variable.
28 Message are sent to stderr for clients, and syslog for servers, by
29 default. See the new API functions shishi_outputtype and
30 shishi_set_outputtype for more information.
32 * Version 0.0.5 (released 2003-09-07)
34 ** Server host name to realm mapping via DNS supported.
36 ** SAFE functions improved.
37 Example code of a client using integrity protected application data
38 exchanges is in examples/client-safe.c and examples/server.c.
40 ** PRIV functions added.
41 Example code of a client using privacy protected application data
42 exchanges is in examples/client-priv.c.
44 ** Documentation improvements.
45 E.g., a reference manual was added, that document the configuration
46 file, and the shishi and shishid parameters.
48 ** Various API changes.
50 * Version 0.0.4 (released 2003-08-31)
52 ** The rsh/rlogin client 'rsh-redone' ported to Shishi, by Nicolas Pouvesle.
53 The client is located in extra/rsh-redone/. It supports
54 authentication and encryption. It interoperate with other
57 ** Authenticator subkeys are supported, and is used by default in AP/TGS.
58 Some KDCs does not understand subkeys in TGS requests, and use the
59 session key instead. Shishi detect and work around this problem but
62 ** Simplistic key distribution center (KDC) is working.
63 See the Administration Manual for a walk through on how to get it up
66 ** Various API changes.
68 * Version 0.0.3 (released 2003-08-22)
70 ** Documentation fixes.
74 * Version 0.0.2 (released 2003-08-17)
76 ** Command line handling of the 'shishi' application rewritten.
77 See the (updated) user manual and --help output for the new story.
79 ** It is possible to acquire renewable tickets.
81 ** Example client and server included.
82 Application data protection is not supported, but authentication is
83 demonstrated. The files are in src/client.c and src/server.c.
85 ** New configuration verbs: 'ticket-life' and 'renew-life'.
87 ** AES ciphers didn't work when nettle was used.
89 ** Cleanups, bug fixes and improved portability.
91 * Version 0.0.1 (released 2003-08-10)
93 ** InetUtils copy removed.
94 The patches (also found in extra/inetutils.diff) are forwarded upstream.
96 ** Libidn copy removed.
97 Libidn is optional, but recommended. It is used automatically if
98 present on your system.
100 ** Gettext not included.
101 Due to some conflicts between libtool and gettext, if you want i18n on
102 platforms that does not already have a useful gettext implementation,
103 you can install GNU gettext before building this package. If you
104 don't care about i18n, this package should work fine (except for i18n,
107 ** Low-level crypto uses nettle if libgcrypt is not installed.
108 Libgcrypt is not shipped with Shishi any more, instead a more
109 streamlined crypto implementation based on nettle is included.
110 Specify --with-libgcrypt to use libgcrypt.
112 ** Libtasn1 updated and replaced by "minitasn1" from gnutls.
113 Specify --with-system-libtasn1 to link with the installed libtasn1, if
116 ** KDC addresses are now found via DNS SRV RRs as a last resort.
117 This is only enabled if libresolv and resolv.h is found on your
120 ** Argp and other compatibility files replaced by gl/ directory.
122 ** Cleanups, bug fixes and various improvements.
124 * Version 0.0.0 (released 2003-06-02)
128 ----------------------------------------------------------------------
129 Copying and distribution of this file, with or without modification,
130 are permitted in any medium without royalty provided the copyright
131 notice and this notice are preserved.