1 Changes in release 0.3f
3 * improve building with openssl
5 * add kadmin -K, rcp -F
7 * fix two incorrect weak DES keys
9 * fix building of kaserver compat in KDC
13 Changes in release 0.3e
15 * rcp program included
17 * fix buffer overrun in ftpd
19 * handle omitted sequence numbers as zeroes to handle MIT krb5 that
20 cannot generate zero sequence numbers
22 * handle v4 /.k files better
24 * configure/portability fixes
26 * fixes in parsing of options to kadmin (sub-)commands
28 * handle errors in kadmin load better
32 Changes in release 0.3d
36 * fix a bug in 3des gss-api mechanism, making it compatible with the
37 specification and the MIT implementation
39 * make telnetd only allow a specific list of environment variables to
40 stop it from setting `sensitive' variables
42 * try to use an existing libdes
44 * lib/krb5, kdc: use correct usage type for ap-req messages. This
45 should improve compatability with MIT krb5 when using 3DES
48 * kdc: fix memory allocation problem
50 * update config.guess and config.sub
52 * lib/roken: more stuff implemented
54 * bug fixes and portability enhancements
56 Changes in release 0.3c
58 * lib/krb5: memory caches now support the resolve operation
60 * appl/login: set PATH to some sane default
62 * kadmind: handle several realms
64 * bug fixes (including memory leaks)
66 Changes in release 0.3b
68 * kdc: prefer default-salted keys on v5 requests
70 * kdc: lowercase hostnames in v4 mode
72 * hprop: handle more types of MIT salts
74 * lib/krb5: fix memory leak
78 Changes in release 0.3a:
80 * implement arcfour-hmac-md5 to interoperate with W2K
82 * modularise the handling of the master key, and allow for other
83 encryption types. This makes it easier to import a database from
84 some other source without having to re-encrypt all keys.
86 * allow for better control over which encryption types are created
88 * make kinit fallback to v4 if given a v4 KDC
90 * make klist work better with v4 and v5, and add some more MIT
93 * make the kdc listen on the krb524 (4444) port for compatibility
96 * implement more DCE/DFS support, enabled with --enable-dce, see
97 lib/kdfs and appl/dceutils
99 * make the sequence numbers work correctly
103 Changes in release 0.2t:
107 Changes in release 0.2s:
109 * add OpenLDAP support in hdb
111 * login will get v4 tickets when it receives forwarded tickets
113 * xnlock supports both v5 and v4
115 * repair source routing for telnet
117 * fix building problems with krb4 (krb_mk_req)
121 Changes in release 0.2r:
123 * fix realloc memory corruption bug in kdc
125 * `add --key' and `cpw --key' in kadmin
127 * klist supports listing v4 tickets
129 * update config.guess and config.sub
131 * make v4 -> v5 principal name conversion more robust
133 * support for anonymous tickets
137 * telnetd: do not negotiate KERBEROS5 authentication if there's no keytab.
139 * use and set expiration and not password expiration when dumping
140 to/from ka server databases / krb4 databases
142 * make the code happier with 64-bit time_t
144 * follow RFC2782 and by default do not look for non-underscore SRV names
146 Changes in release 0.2q:
148 * bug fix in tcp-handling in kdc
150 * bug fix in expand_hostname
152 Changes in release 0.2p:
154 * bug fix in `kadmin load/merge'
156 * bug fix in krb5_parse_address
158 Changes in release 0.2o:
160 * gss_{import,export}_sec_context added to libgssapi
162 * new option --addresses to kdc (for listening on an explicit set of
165 * bug fixes in the krb4 and kaserver emulation part of the kdc
169 Changes in release 0.2n:
171 * more robust parsing of dump files in kadmin
172 * changed default timestamp format for log messages to extended ISO
173 8601 format (Y-M-DTH:M:S)
174 * changed md4/md5/sha1 APIes to be de-facto `standard'
175 * always make hostname into lower-case before creating principal
176 * small bits of more MIT-compatability
179 Changes in release 0.2m:
181 * handle glibc's getaddrinfo() that returns several ai_canonname
187 Changes in release 0.2l:
191 Changes in release 0.2k:
195 * make struct sockaddr_storage in roken work better on alphas
197 * some missing [hn]to[hn]s fixed.
199 * allow users to change their own passwords with kadmin (with initial
202 * fix stupid bug in parsing KDC specification
204 * add `ktutil change' and `ktutil purge'
206 Changes in release 0.2j:
210 * ftpd works in passive mode
212 * should build on cygwin
214 * work around broken IPv6-code on OpenBSD 2.6, also add configure
215 option --disable-ipv6
217 Changes in release 0.2i:
219 * use getaddrinfo in the missing places.
221 * fix SRV lookup for admin server
223 * use get{addr,name}info everywhere. and implement it in terms of
224 getipnodeby{name,addr} (which uses gethostbyname{,2} and
227 Changes in release 0.2h:
229 * fix typo in kx (now compiles)
231 Changes in release 0.2g:
235 * repair appl/test programs
236 * sockaddr_storage works on solaris (alignment issues)
237 * works better with non-roken getaddrinfo
239 * some non standard C constructs removed
241 Changes in release 0.2f:
243 * support SRV records for kpasswd
244 * look for both _kerberos and krb5-realm when doing host -> realm mapping
246 Changes in release 0.2e:
248 * changed copyright notices to remove `advertising'-clause.
249 * get{addr,name}info added to roken and used in the other code
250 (this makes things work much better with hosts with both v4 and v6
251 addresses, among other things)
252 * do pre-auth for both password and key-based get_in_tkt
253 * support for having several databases
254 * new command `del_enctype' in kadmin
255 * strptime (and new strftime) add to roken
256 * more paranoia about finding libdb
259 Changes in release 0.2d:
261 * new configuration option [libdefaults]default_etypes_des
262 * internal ls in ftpd builds without KRB4
263 * kx/rsh/push/pop_debug tries v5 and v4 consistenly
267 Changes in release 0.2c:
269 * bug fixes (see ChangeLog's for details)
271 Changes in release 0.2b:
274 * actually bump shared library versions
276 Changes in release 0.2a:
278 * a new program verify_krb5_conf for checking your /etc/krb5.conf
279 * add 3DES keys when changing password
280 * support null keys in database
281 * support multiple local realms
282 * implement a keytab backend for AFS KeyFile's
283 * implement a keytab backend for v4 srvtabs
284 * implement `ktutil copy'
285 * support password quality control in v4 kadmind
286 * improvements in v4 compat kadmind
287 * handle the case of having the correct cred in the ccache but with
288 the wrong encryption type better
289 * v6-ify the remaining programs.
290 * internal ls in ftpd
291 * rename strcpy_truncate/strcat_truncate to strlcpy/strlcat
292 * add `ank --random-password' and `cpw --random-password' in kadmin
293 * some programs and documentation for trying to talk to a W2K KDC
296 Changes in release 0.1m:
298 * support for getting default from krb5.conf for kinit/kf/rsh/telnet.
299 From Miroslav Ruda <ruda@ics.muni.cz>
300 * v6-ify hprop and hpropd
301 * support numeric addresses in krb5_mk_req
302 * shadow support in login and su. From Miroslav Ruda <ruda@ics.muni.cz>
303 * make rsh/rshd IPv6-aware
304 * make the gssapi sample applications better at reporting errors
306 * handle systems with v6-aware libc and non-v6 kernels (like Linux
307 with glibc 2.1) better
308 * hide failure of ERPT in ftp
311 Changes in release 0.1l:
313 * make ftp and ftpd IPv6-aware
314 * add inet_pton to roken
315 * more IPv6-awareness
316 * make mini_inetd v6 aware
318 Changes in release 0.1k:
320 * bump shared libraries versions
321 * add roken version of inet_ntop
322 * merge more changes to rshd
324 Changes in release 0.1j:
326 * restore back to the `old' 3DES code. This was supposed to be done
327 in 0.1h and 0.1i but I did a CVS screw-up.
328 * make telnetd handle v6 connections
330 Changes in release 0.1i:
332 * start using `struct sockaddr_storage' which simplifies the code
333 (with a fallback definition if it's not defined)
334 * bug fixes (including in hprop and kf)
335 * don't use mawk which seems to mishandle roken.awk
336 * get_addrs should be able to handle v6 addresses on Linux (with the
337 required patch to the Linux kernel -- ask within)
338 * rshd builds with shadow passwords
340 Changes in release 0.1h:
342 * kf: new program for forwarding credentials
344 * make forwarding credentials work with MIT code
345 * better conversion of ka database
346 * add etc/services.append
347 * correct `modified by' from kpasswdd
350 Changes in release 0.1g:
352 * kgetcred: new program for explicitly obtaining tickets
357 Changes in release 0.1f;
359 * experimental support for v4 kadmin protokoll in kadmind
362 Changes in release 0.1e:
364 * try to handle old DCE and MIT kdcs
365 * support for older versions of credential cache files and keytabs
366 * postdated tickets work
367 * support for password quality checks in kpasswdd
368 * new flag --enable-kaserver for kdc
370 * prototype su program
371 * updated (some) manpages
372 * support for KDC resource records
373 * should build with --without-krb4
376 Changes in release 0.1d:
378 * Support building with DB2 (uses 1.85-compat API)
379 * Support krb5-realm.DOMAIN in DNS
380 * new `ktutil srvcreate'
381 * v4/kafs support in klist/kdestroy
384 Changes in release 0.1c:
386 * fix ASN.1 encoding of signed integers
387 * somewhat working `ktutil get'
388 * some documentation updates
389 * update to Autoconf 2.13 and Automake 1.4
390 * the usual bug fixes
392 Changes in release 0.1b:
394 * some old -> new crypto conversion utils
397 Changes in release 0.1a:
401 * make sure we ask for DES keys in gssapi
402 * support signed ints in ASN1
405 Changes in release 0.0u:
409 Changes in release 0.0t:
411 * more robust parsing of krb5.conf
412 * include net{read,write} in lib/roken
415 Changes in release 0.0s:
417 * kludges for parsing options to rsh
418 * more robust parsing of krb5.conf
419 * removed some arbitrary limits
422 Changes in release 0.0r:
424 * default options for some programs
427 Changes in release 0.0q:
429 * support for building shared libraries with libtool
432 Changes in release 0.0p:
434 * keytab moved to /etc/krb5.keytab
435 * avoid false detection of IPv6 on Linux
436 * Lots of more functionality in the gssapi-library
437 * hprop can now read ka-server databases
440 Changes in release 0.0o:
442 * FTP with GSSAPI support.
445 Changes in release 0.0n:
447 * Incremental database propagation.
448 * Somewhat improved kadmin ui; the stuff in admin is now removed.
449 * Some support for using enctypes instead of keytypes.
450 * Lots of other improvement and bug fixes, see ChangeLog for details.