1 Changes in release 0.4c
3 * repair some of the v4 fallback code in kinit
5 * add more shared library dependencies
7 * simplify and fix hprop handling of v4 databases
11 Changes in release 0.4b
13 * update the shared library version numbers correctly
15 Changes in release 0.4a
17 * corrected key used for checksum in mk_safe, unfortunately this
18 makes it backwards incompatible
20 * update to autoconf 2.50, libtool 1.4
22 * re-write dns/config lookups (krb5_krbhst API)
24 * make order of using subkeys consistent
30 * remove rfc2052 support, now only rfc2782 is supported
32 * always build with kaserver protocol support in the KDC (assuming
33 KRB4 is enabled) and support for reading kaserver databases in
36 Changes in release 0.3f
38 * change default keytab to ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab,
39 the new keytab type that tries both of these in order (SRVTAB is
40 also an alias for krb4:)
42 * improve error reporting and error handling (error messages should
43 be more detailed and more useful)
45 * improve building with openssl
47 * add kadmin -K, rcp -F
49 * fix two incorrect weak DES keys
51 * fix building of kaserver compat in KDC
53 * the API is closer to what MIT krb5 is using
55 * more compatible with windows 2000
57 * removed some memory leaks
61 Changes in release 0.3e
63 * rcp program included
65 * fix buffer overrun in ftpd
67 * handle omitted sequence numbers as zeroes to handle MIT krb5 that
68 cannot generate zero sequence numbers
70 * handle v4 /.k files better
72 * configure/portability fixes
74 * fixes in parsing of options to kadmin (sub-)commands
76 * handle errors in kadmin load better
80 Changes in release 0.3d
84 * fix a bug in 3des gss-api mechanism, making it compatible with the
85 specification and the MIT implementation
87 * make telnetd only allow a specific list of environment variables to
88 stop it from setting `sensitive' variables
90 * try to use an existing libdes
92 * lib/krb5, kdc: use correct usage type for ap-req messages. This
93 should improve compatability with MIT krb5 when using 3DES
96 * kdc: fix memory allocation problem
98 * update config.guess and config.sub
100 * lib/roken: more stuff implemented
102 * bug fixes and portability enhancements
104 Changes in release 0.3c
106 * lib/krb5: memory caches now support the resolve operation
108 * appl/login: set PATH to some sane default
110 * kadmind: handle several realms
112 * bug fixes (including memory leaks)
114 Changes in release 0.3b
116 * kdc: prefer default-salted keys on v5 requests
118 * kdc: lowercase hostnames in v4 mode
120 * hprop: handle more types of MIT salts
122 * lib/krb5: fix memory leak
126 Changes in release 0.3a:
128 * implement arcfour-hmac-md5 to interoperate with W2K
130 * modularise the handling of the master key, and allow for other
131 encryption types. This makes it easier to import a database from
132 some other source without having to re-encrypt all keys.
134 * allow for better control over which encryption types are created
136 * make kinit fallback to v4 if given a v4 KDC
138 * make klist work better with v4 and v5, and add some more MIT
139 compatibility options
141 * make the kdc listen on the krb524 (4444) port for compatibility
142 with MIT krb5 clients
144 * implement more DCE/DFS support, enabled with --enable-dce, see
145 lib/kdfs and appl/dceutils
147 * make the sequence numbers work correctly
151 Changes in release 0.2t:
155 Changes in release 0.2s:
157 * add OpenLDAP support in hdb
159 * login will get v4 tickets when it receives forwarded tickets
161 * xnlock supports both v5 and v4
163 * repair source routing for telnet
165 * fix building problems with krb4 (krb_mk_req)
169 Changes in release 0.2r:
171 * fix realloc memory corruption bug in kdc
173 * `add --key' and `cpw --key' in kadmin
175 * klist supports listing v4 tickets
177 * update config.guess and config.sub
179 * make v4 -> v5 principal name conversion more robust
181 * support for anonymous tickets
185 * telnetd: do not negotiate KERBEROS5 authentication if there's no keytab.
187 * use and set expiration and not password expiration when dumping
188 to/from ka server databases / krb4 databases
190 * make the code happier with 64-bit time_t
192 * follow RFC2782 and by default do not look for non-underscore SRV names
194 Changes in release 0.2q:
196 * bug fix in tcp-handling in kdc
198 * bug fix in expand_hostname
200 Changes in release 0.2p:
202 * bug fix in `kadmin load/merge'
204 * bug fix in krb5_parse_address
206 Changes in release 0.2o:
208 * gss_{import,export}_sec_context added to libgssapi
210 * new option --addresses to kdc (for listening on an explicit set of
213 * bug fixes in the krb4 and kaserver emulation part of the kdc
217 Changes in release 0.2n:
219 * more robust parsing of dump files in kadmin
220 * changed default timestamp format for log messages to extended ISO
221 8601 format (Y-M-DTH:M:S)
222 * changed md4/md5/sha1 APIes to be de-facto `standard'
223 * always make hostname into lower-case before creating principal
224 * small bits of more MIT-compatability
227 Changes in release 0.2m:
229 * handle glibc's getaddrinfo() that returns several ai_canonname
235 Changes in release 0.2l:
239 Changes in release 0.2k:
243 * make struct sockaddr_storage in roken work better on alphas
245 * some missing [hn]to[hn]s fixed.
247 * allow users to change their own passwords with kadmin (with initial
250 * fix stupid bug in parsing KDC specification
252 * add `ktutil change' and `ktutil purge'
254 Changes in release 0.2j:
258 * ftpd works in passive mode
260 * should build on cygwin
262 * work around broken IPv6-code on OpenBSD 2.6, also add configure
263 option --disable-ipv6
265 Changes in release 0.2i:
267 * use getaddrinfo in the missing places.
269 * fix SRV lookup for admin server
271 * use get{addr,name}info everywhere. and implement it in terms of
272 getipnodeby{name,addr} (which uses gethostbyname{,2} and
275 Changes in release 0.2h:
277 * fix typo in kx (now compiles)
279 Changes in release 0.2g:
283 * repair appl/test programs
284 * sockaddr_storage works on solaris (alignment issues)
285 * works better with non-roken getaddrinfo
287 * some non standard C constructs removed
289 Changes in release 0.2f:
291 * support SRV records for kpasswd
292 * look for both _kerberos and krb5-realm when doing host -> realm mapping
294 Changes in release 0.2e:
296 * changed copyright notices to remove `advertising'-clause.
297 * get{addr,name}info added to roken and used in the other code
298 (this makes things work much better with hosts with both v4 and v6
299 addresses, among other things)
300 * do pre-auth for both password and key-based get_in_tkt
301 * support for having several databases
302 * new command `del_enctype' in kadmin
303 * strptime (and new strftime) add to roken
304 * more paranoia about finding libdb
307 Changes in release 0.2d:
309 * new configuration option [libdefaults]default_etypes_des
310 * internal ls in ftpd builds without KRB4
311 * kx/rsh/push/pop_debug tries v5 and v4 consistenly
315 Changes in release 0.2c:
317 * bug fixes (see ChangeLog's for details)
319 Changes in release 0.2b:
322 * actually bump shared library versions
324 Changes in release 0.2a:
326 * a new program verify_krb5_conf for checking your /etc/krb5.conf
327 * add 3DES keys when changing password
328 * support null keys in database
329 * support multiple local realms
330 * implement a keytab backend for AFS KeyFile's
331 * implement a keytab backend for v4 srvtabs
332 * implement `ktutil copy'
333 * support password quality control in v4 kadmind
334 * improvements in v4 compat kadmind
335 * handle the case of having the correct cred in the ccache but with
336 the wrong encryption type better
337 * v6-ify the remaining programs.
338 * internal ls in ftpd
339 * rename strcpy_truncate/strcat_truncate to strlcpy/strlcat
340 * add `ank --random-password' and `cpw --random-password' in kadmin
341 * some programs and documentation for trying to talk to a W2K KDC
344 Changes in release 0.1m:
346 * support for getting default from krb5.conf for kinit/kf/rsh/telnet.
347 From Miroslav Ruda <ruda@ics.muni.cz>
348 * v6-ify hprop and hpropd
349 * support numeric addresses in krb5_mk_req
350 * shadow support in login and su. From Miroslav Ruda <ruda@ics.muni.cz>
351 * make rsh/rshd IPv6-aware
352 * make the gssapi sample applications better at reporting errors
354 * handle systems with v6-aware libc and non-v6 kernels (like Linux
355 with glibc 2.1) better
356 * hide failure of ERPT in ftp
359 Changes in release 0.1l:
361 * make ftp and ftpd IPv6-aware
362 * add inet_pton to roken
363 * more IPv6-awareness
364 * make mini_inetd v6 aware
366 Changes in release 0.1k:
368 * bump shared libraries versions
369 * add roken version of inet_ntop
370 * merge more changes to rshd
372 Changes in release 0.1j:
374 * restore back to the `old' 3DES code. This was supposed to be done
375 in 0.1h and 0.1i but I did a CVS screw-up.
376 * make telnetd handle v6 connections
378 Changes in release 0.1i:
380 * start using `struct sockaddr_storage' which simplifies the code
381 (with a fallback definition if it's not defined)
382 * bug fixes (including in hprop and kf)
383 * don't use mawk which seems to mishandle roken.awk
384 * get_addrs should be able to handle v6 addresses on Linux (with the
385 required patch to the Linux kernel -- ask within)
386 * rshd builds with shadow passwords
388 Changes in release 0.1h:
390 * kf: new program for forwarding credentials
392 * make forwarding credentials work with MIT code
393 * better conversion of ka database
394 * add etc/services.append
395 * correct `modified by' from kpasswdd
398 Changes in release 0.1g:
400 * kgetcred: new program for explicitly obtaining tickets
405 Changes in release 0.1f;
407 * experimental support for v4 kadmin protokoll in kadmind
410 Changes in release 0.1e:
412 * try to handle old DCE and MIT kdcs
413 * support for older versions of credential cache files and keytabs
414 * postdated tickets work
415 * support for password quality checks in kpasswdd
416 * new flag --enable-kaserver for kdc
418 * prototype su program
419 * updated (some) manpages
420 * support for KDC resource records
421 * should build with --without-krb4
424 Changes in release 0.1d:
426 * Support building with DB2 (uses 1.85-compat API)
427 * Support krb5-realm.DOMAIN in DNS
428 * new `ktutil srvcreate'
429 * v4/kafs support in klist/kdestroy
432 Changes in release 0.1c:
434 * fix ASN.1 encoding of signed integers
435 * somewhat working `ktutil get'
436 * some documentation updates
437 * update to Autoconf 2.13 and Automake 1.4
438 * the usual bug fixes
440 Changes in release 0.1b:
442 * some old -> new crypto conversion utils
445 Changes in release 0.1a:
449 * make sure we ask for DES keys in gssapi
450 * support signed ints in ASN1
453 Changes in release 0.0u:
457 Changes in release 0.0t:
459 * more robust parsing of krb5.conf
460 * include net{read,write} in lib/roken
463 Changes in release 0.0s:
465 * kludges for parsing options to rsh
466 * more robust parsing of krb5.conf
467 * removed some arbitrary limits
470 Changes in release 0.0r:
472 * default options for some programs
475 Changes in release 0.0q:
477 * support for building shared libraries with libtool
480 Changes in release 0.0p:
482 * keytab moved to /etc/krb5.keytab
483 * avoid false detection of IPv6 on Linux
484 * Lots of more functionality in the gssapi-library
485 * hprop can now read ka-server databases
488 Changes in release 0.0o:
490 * FTP with GSSAPI support.
493 Changes in release 0.0n:
495 * Incremental database propagation.
496 * Somewhat improved kadmin ui; the stuff in admin is now removed.
497 * Some support for using enctypes instead of keytypes.
498 * Lots of other improvement and bug fixes, see ChangeLog for details.