1 Changes in release 0.3b
3 * kdc: prefer default-salted keys on v5 requests
5 * kdc: lowercase hostnames in v4 mode
7 * hprop: handle more types of MIT salts
9 * lib/krb5: fix memory leak
13 Changes in release 0.3a:
15 * implement arcfour-hmac-md5 to interoperate with W2K
17 * modularise the handling of the master key, and allow for other
18 encryption types. This makes it easier to import a database from
19 some other source without having to re-encrypt all keys.
21 * allow for better control over which encryption types are created
23 * make kinit fallback to v4 if given a v4 KDC
25 * make klist work better with v4 and v5, and add some more MIT
28 * make the kdc listen on the krb524 (4444) port for compatibility
31 * implement more DCE/DFS support, enabled with --enable-dce, see
32 lib/kdfs and appl/dceutils
34 * make the sequence numbers work correctly
38 Changes in release 0.2t:
42 Changes in release 0.2s:
44 * add OpenLDAP support in hdb
46 * login will get v4 tickets when it receives forwarded tickets
48 * xnlock supports both v5 and v4
50 * repair source routing for telnet
52 * fix building problems with krb4 (krb_mk_req)
56 Changes in release 0.2r:
58 * fix realloc memory corruption bug in kdc
60 * `add --key' and `cpw --key' in kadmin
62 * klist supports listing v4 tickets
64 * update config.guess and config.sub
66 * make v4 -> v5 principal name conversion more robust
68 * support for anonymous tickets
72 * telnetd: do not negotiate KERBEROS5 authentication if there's no keytab.
74 * use and set expiration and not password expiration when dumping
75 to/from ka server databases / krb4 databases
77 * make the code happier with 64-bit time_t
79 * follow RFC2782 and by default do not look for non-underscore SRV names
81 Changes in release 0.2q:
83 * bug fix in tcp-handling in kdc
85 * bug fix in expand_hostname
87 Changes in release 0.2p:
89 * bug fix in `kadmin load/merge'
91 * bug fix in krb5_parse_address
93 Changes in release 0.2o:
95 * gss_{import,export}_sec_context added to libgssapi
97 * new option --addresses to kdc (for listening on an explicit set of
100 * bug fixes in the krb4 and kaserver emulation part of the kdc
104 Changes in release 0.2n:
106 * more robust parsing of dump files in kadmin
107 * changed default timestamp format for log messages to extended ISO
108 8601 format (Y-M-DTH:M:S)
109 * changed md4/md5/sha1 APIes to be de-facto `standard'
110 * always make hostname into lower-case before creating principal
111 * small bits of more MIT-compatability
114 Changes in release 0.2m:
116 * handle glibc's getaddrinfo() that returns several ai_canonname
122 Changes in release 0.2l:
126 Changes in release 0.2k:
130 * make struct sockaddr_storage in roken work better on alphas
132 * some missing [hn]to[hn]s fixed.
134 * allow users to change their own passwords with kadmin (with initial
137 * fix stupid bug in parsing KDC specification
139 * add `ktutil change' and `ktutil purge'
141 Changes in release 0.2j:
145 * ftpd works in passive mode
147 * should build on cygwin
149 * work around broken IPv6-code on OpenBSD 2.6, also add configure
150 option --disable-ipv6
152 Changes in release 0.2i:
154 * use getaddrinfo in the missing places.
156 * fix SRV lookup for admin server
158 * use get{addr,name}info everywhere. and implement it in terms of
159 getipnodeby{name,addr} (which uses gethostbyname{,2} and
162 Changes in release 0.2h:
164 * fix typo in kx (now compiles)
166 Changes in release 0.2g:
170 * repair appl/test programs
171 * sockaddr_storage works on solaris (alignment issues)
172 * works better with non-roken getaddrinfo
174 * some non standard C constructs removed
176 Changes in release 0.2f:
178 * support SRV records for kpasswd
179 * look for both _kerberos and krb5-realm when doing host -> realm mapping
181 Changes in release 0.2e:
183 * changed copyright notices to remove `advertising'-clause.
184 * get{addr,name}info added to roken and used in the other code
185 (this makes things work much better with hosts with both v4 and v6
186 addresses, among other things)
187 * do pre-auth for both password and key-based get_in_tkt
188 * support for having several databases
189 * new command `del_enctype' in kadmin
190 * strptime (and new strftime) add to roken
191 * more paranoia about finding libdb
194 Changes in release 0.2d:
196 * new configuration option [libdefaults]default_etypes_des
197 * internal ls in ftpd builds without KRB4
198 * kx/rsh/push/pop_debug tries v5 and v4 consistenly
202 Changes in release 0.2c:
204 * bug fixes (see ChangeLog's for details)
206 Changes in release 0.2b:
209 * actually bump shared library versions
211 Changes in release 0.2a:
213 * a new program verify_krb5_conf for checking your /etc/krb5.conf
214 * add 3DES keys when changing password
215 * support null keys in database
216 * support multiple local realms
217 * implement a keytab backend for AFS KeyFile's
218 * implement a keytab backend for v4 srvtabs
219 * implement `ktutil copy'
220 * support password quality control in v4 kadmind
221 * improvements in v4 compat kadmind
222 * handle the case of having the correct cred in the ccache but with
223 the wrong encryption type better
224 * v6-ify the remaining programs.
225 * internal ls in ftpd
226 * rename strcpy_truncate/strcat_truncate to strlcpy/strlcat
227 * add `ank --random-password' and `cpw --random-password' in kadmin
228 * some programs and documentation for trying to talk to a W2K KDC
231 Changes in release 0.1m:
233 * support for getting default from krb5.conf for kinit/kf/rsh/telnet.
234 From Miroslav Ruda <ruda@ics.muni.cz>
235 * v6-ify hprop and hpropd
236 * support numeric addresses in krb5_mk_req
237 * shadow support in login and su. From Miroslav Ruda <ruda@ics.muni.cz>
238 * make rsh/rshd IPv6-aware
239 * make the gssapi sample applications better at reporting errors
241 * handle systems with v6-aware libc and non-v6 kernels (like Linux
242 with glibc 2.1) better
243 * hide failure of ERPT in ftp
246 Changes in release 0.1l:
248 * make ftp and ftpd IPv6-aware
249 * add inet_pton to roken
250 * more IPv6-awareness
251 * make mini_inetd v6 aware
253 Changes in release 0.1k:
255 * bump shared libraries versions
256 * add roken version of inet_ntop
257 * merge more changes to rshd
259 Changes in release 0.1j:
261 * restore back to the `old' 3DES code. This was supposed to be done
262 in 0.1h and 0.1i but I did a CVS screw-up.
263 * make telnetd handle v6 connections
265 Changes in release 0.1i:
267 * start using `struct sockaddr_storage' which simplifies the code
268 (with a fallback definition if it's not defined)
269 * bug fixes (including in hprop and kf)
270 * don't use mawk which seems to mishandle roken.awk
271 * get_addrs should be able to handle v6 addresses on Linux (with the
272 required patch to the Linux kernel -- ask within)
273 * rshd builds with shadow passwords
275 Changes in release 0.1h:
277 * kf: new program for forwarding credentials
279 * make forwarding credentials work with MIT code
280 * better conversion of ka database
281 * add etc/services.append
282 * correct `modified by' from kpasswdd
285 Changes in release 0.1g:
287 * kgetcred: new program for explicitly obtaining tickets
292 Changes in release 0.1f;
294 * experimental support for v4 kadmin protokoll in kadmind
297 Changes in release 0.1e:
299 * try to handle old DCE and MIT kdcs
300 * support for older versions of credential cache files and keytabs
301 * postdated tickets work
302 * support for password quality checks in kpasswdd
303 * new flag --enable-kaserver for kdc
305 * prototype su program
306 * updated (some) manpages
307 * support for KDC resource records
308 * should build with --without-krb4
311 Changes in release 0.1d:
313 * Support building with DB2 (uses 1.85-compat API)
314 * Support krb5-realm.DOMAIN in DNS
315 * new `ktutil srvcreate'
316 * v4/kafs support in klist/kdestroy
319 Changes in release 0.1c:
321 * fix ASN.1 encoding of signed integers
322 * somewhat working `ktutil get'
323 * some documentation updates
324 * update to Autoconf 2.13 and Automake 1.4
325 * the usual bug fixes
327 Changes in release 0.1b:
329 * some old -> new crypto conversion utils
332 Changes in release 0.1a:
336 * make sure we ask for DES keys in gssapi
337 * support signed ints in ASN1
340 Changes in release 0.0u:
344 Changes in release 0.0t:
346 * more robust parsing of krb5.conf
347 * include net{read,write} in lib/roken
350 Changes in release 0.0s:
352 * kludges for parsing options to rsh
353 * more robust parsing of krb5.conf
354 * removed some arbitrary limits
357 Changes in release 0.0r:
359 * default options for some programs
362 Changes in release 0.0q:
364 * support for building shared libraries with libtool
367 Changes in release 0.0p:
369 * keytab moved to /etc/krb5.keytab
370 * avoid false detection of IPv6 on Linux
371 * Lots of more functionality in the gssapi-library
372 * hprop can now read ka-server databases
375 Changes in release 0.0o:
377 * FTP with GSSAPI support.
380 Changes in release 0.0n:
382 * Incremental database propagation.
383 * Somewhat improved kadmin ui; the stuff in admin is now removed.
384 * Some support for using enctypes instead of keytypes.
385 * Lots of other improvement and bug fixes, see ChangeLog for details.