1 Changes in release 0.3e
5 * fix buffer overrun in ftpd
7 * handle omitted sequence numbers as zeroes to handle MIT krb5 that
8 cannot generate zero sequence numbers
10 * handle v4 /.k files better
12 * configure/portability fixes
14 * fixes in parsing of options to kadmin (sub-)commands
16 * handle errors in kadmin load better
20 Changes in release 0.3d
24 * fix a bug in 3des gss-api mechanism, making it compatible with the
25 specification and the MIT implementation
27 * make telnetd only allow a specific list of environment variables to
28 stop it from setting `sensitive' variables
30 * try to use an existing libdes
32 * lib/krb5, kdc: use correct usage type for ap-req messages. This
33 should improve compatability with MIT krb5 when using 3DES
36 * kdc: fix memory allocation problem
38 * update config.guess and config.sub
40 * lib/roken: more stuff implemented
42 * bug fixes and portability enhancements
44 Changes in release 0.3c
46 * lib/krb5: memory caches now support the resolve operation
48 * appl/login: set PATH to some sane default
50 * kadmind: handle several realms
52 * bug fixes (including memory leaks)
54 Changes in release 0.3b
56 * kdc: prefer default-salted keys on v5 requests
58 * kdc: lowercase hostnames in v4 mode
60 * hprop: handle more types of MIT salts
62 * lib/krb5: fix memory leak
66 Changes in release 0.3a:
68 * implement arcfour-hmac-md5 to interoperate with W2K
70 * modularise the handling of the master key, and allow for other
71 encryption types. This makes it easier to import a database from
72 some other source without having to re-encrypt all keys.
74 * allow for better control over which encryption types are created
76 * make kinit fallback to v4 if given a v4 KDC
78 * make klist work better with v4 and v5, and add some more MIT
81 * make the kdc listen on the krb524 (4444) port for compatibility
84 * implement more DCE/DFS support, enabled with --enable-dce, see
85 lib/kdfs and appl/dceutils
87 * make the sequence numbers work correctly
91 Changes in release 0.2t:
95 Changes in release 0.2s:
97 * add OpenLDAP support in hdb
99 * login will get v4 tickets when it receives forwarded tickets
101 * xnlock supports both v5 and v4
103 * repair source routing for telnet
105 * fix building problems with krb4 (krb_mk_req)
109 Changes in release 0.2r:
111 * fix realloc memory corruption bug in kdc
113 * `add --key' and `cpw --key' in kadmin
115 * klist supports listing v4 tickets
117 * update config.guess and config.sub
119 * make v4 -> v5 principal name conversion more robust
121 * support for anonymous tickets
125 * telnetd: do not negotiate KERBEROS5 authentication if there's no keytab.
127 * use and set expiration and not password expiration when dumping
128 to/from ka server databases / krb4 databases
130 * make the code happier with 64-bit time_t
132 * follow RFC2782 and by default do not look for non-underscore SRV names
134 Changes in release 0.2q:
136 * bug fix in tcp-handling in kdc
138 * bug fix in expand_hostname
140 Changes in release 0.2p:
142 * bug fix in `kadmin load/merge'
144 * bug fix in krb5_parse_address
146 Changes in release 0.2o:
148 * gss_{import,export}_sec_context added to libgssapi
150 * new option --addresses to kdc (for listening on an explicit set of
153 * bug fixes in the krb4 and kaserver emulation part of the kdc
157 Changes in release 0.2n:
159 * more robust parsing of dump files in kadmin
160 * changed default timestamp format for log messages to extended ISO
161 8601 format (Y-M-DTH:M:S)
162 * changed md4/md5/sha1 APIes to be de-facto `standard'
163 * always make hostname into lower-case before creating principal
164 * small bits of more MIT-compatability
167 Changes in release 0.2m:
169 * handle glibc's getaddrinfo() that returns several ai_canonname
175 Changes in release 0.2l:
179 Changes in release 0.2k:
183 * make struct sockaddr_storage in roken work better on alphas
185 * some missing [hn]to[hn]s fixed.
187 * allow users to change their own passwords with kadmin (with initial
190 * fix stupid bug in parsing KDC specification
192 * add `ktutil change' and `ktutil purge'
194 Changes in release 0.2j:
198 * ftpd works in passive mode
200 * should build on cygwin
202 * work around broken IPv6-code on OpenBSD 2.6, also add configure
203 option --disable-ipv6
205 Changes in release 0.2i:
207 * use getaddrinfo in the missing places.
209 * fix SRV lookup for admin server
211 * use get{addr,name}info everywhere. and implement it in terms of
212 getipnodeby{name,addr} (which uses gethostbyname{,2} and
215 Changes in release 0.2h:
217 * fix typo in kx (now compiles)
219 Changes in release 0.2g:
223 * repair appl/test programs
224 * sockaddr_storage works on solaris (alignment issues)
225 * works better with non-roken getaddrinfo
227 * some non standard C constructs removed
229 Changes in release 0.2f:
231 * support SRV records for kpasswd
232 * look for both _kerberos and krb5-realm when doing host -> realm mapping
234 Changes in release 0.2e:
236 * changed copyright notices to remove `advertising'-clause.
237 * get{addr,name}info added to roken and used in the other code
238 (this makes things work much better with hosts with both v4 and v6
239 addresses, among other things)
240 * do pre-auth for both password and key-based get_in_tkt
241 * support for having several databases
242 * new command `del_enctype' in kadmin
243 * strptime (and new strftime) add to roken
244 * more paranoia about finding libdb
247 Changes in release 0.2d:
249 * new configuration option [libdefaults]default_etypes_des
250 * internal ls in ftpd builds without KRB4
251 * kx/rsh/push/pop_debug tries v5 and v4 consistenly
255 Changes in release 0.2c:
257 * bug fixes (see ChangeLog's for details)
259 Changes in release 0.2b:
262 * actually bump shared library versions
264 Changes in release 0.2a:
266 * a new program verify_krb5_conf for checking your /etc/krb5.conf
267 * add 3DES keys when changing password
268 * support null keys in database
269 * support multiple local realms
270 * implement a keytab backend for AFS KeyFile's
271 * implement a keytab backend for v4 srvtabs
272 * implement `ktutil copy'
273 * support password quality control in v4 kadmind
274 * improvements in v4 compat kadmind
275 * handle the case of having the correct cred in the ccache but with
276 the wrong encryption type better
277 * v6-ify the remaining programs.
278 * internal ls in ftpd
279 * rename strcpy_truncate/strcat_truncate to strlcpy/strlcat
280 * add `ank --random-password' and `cpw --random-password' in kadmin
281 * some programs and documentation for trying to talk to a W2K KDC
284 Changes in release 0.1m:
286 * support for getting default from krb5.conf for kinit/kf/rsh/telnet.
287 From Miroslav Ruda <ruda@ics.muni.cz>
288 * v6-ify hprop and hpropd
289 * support numeric addresses in krb5_mk_req
290 * shadow support in login and su. From Miroslav Ruda <ruda@ics.muni.cz>
291 * make rsh/rshd IPv6-aware
292 * make the gssapi sample applications better at reporting errors
294 * handle systems with v6-aware libc and non-v6 kernels (like Linux
295 with glibc 2.1) better
296 * hide failure of ERPT in ftp
299 Changes in release 0.1l:
301 * make ftp and ftpd IPv6-aware
302 * add inet_pton to roken
303 * more IPv6-awareness
304 * make mini_inetd v6 aware
306 Changes in release 0.1k:
308 * bump shared libraries versions
309 * add roken version of inet_ntop
310 * merge more changes to rshd
312 Changes in release 0.1j:
314 * restore back to the `old' 3DES code. This was supposed to be done
315 in 0.1h and 0.1i but I did a CVS screw-up.
316 * make telnetd handle v6 connections
318 Changes in release 0.1i:
320 * start using `struct sockaddr_storage' which simplifies the code
321 (with a fallback definition if it's not defined)
322 * bug fixes (including in hprop and kf)
323 * don't use mawk which seems to mishandle roken.awk
324 * get_addrs should be able to handle v6 addresses on Linux (with the
325 required patch to the Linux kernel -- ask within)
326 * rshd builds with shadow passwords
328 Changes in release 0.1h:
330 * kf: new program for forwarding credentials
332 * make forwarding credentials work with MIT code
333 * better conversion of ka database
334 * add etc/services.append
335 * correct `modified by' from kpasswdd
338 Changes in release 0.1g:
340 * kgetcred: new program for explicitly obtaining tickets
345 Changes in release 0.1f;
347 * experimental support for v4 kadmin protokoll in kadmind
350 Changes in release 0.1e:
352 * try to handle old DCE and MIT kdcs
353 * support for older versions of credential cache files and keytabs
354 * postdated tickets work
355 * support for password quality checks in kpasswdd
356 * new flag --enable-kaserver for kdc
358 * prototype su program
359 * updated (some) manpages
360 * support for KDC resource records
361 * should build with --without-krb4
364 Changes in release 0.1d:
366 * Support building with DB2 (uses 1.85-compat API)
367 * Support krb5-realm.DOMAIN in DNS
368 * new `ktutil srvcreate'
369 * v4/kafs support in klist/kdestroy
372 Changes in release 0.1c:
374 * fix ASN.1 encoding of signed integers
375 * somewhat working `ktutil get'
376 * some documentation updates
377 * update to Autoconf 2.13 and Automake 1.4
378 * the usual bug fixes
380 Changes in release 0.1b:
382 * some old -> new crypto conversion utils
385 Changes in release 0.1a:
389 * make sure we ask for DES keys in gssapi
390 * support signed ints in ASN1
393 Changes in release 0.0u:
397 Changes in release 0.0t:
399 * more robust parsing of krb5.conf
400 * include net{read,write} in lib/roken
403 Changes in release 0.0s:
405 * kludges for parsing options to rsh
406 * more robust parsing of krb5.conf
407 * removed some arbitrary limits
410 Changes in release 0.0r:
412 * default options for some programs
415 Changes in release 0.0q:
417 * support for building shared libraries with libtool
420 Changes in release 0.0p:
422 * keytab moved to /etc/krb5.keytab
423 * avoid false detection of IPv6 on Linux
424 * Lots of more functionality in the gssapi-library
425 * hprop can now read ka-server databases
428 Changes in release 0.0o:
430 * FTP with GSSAPI support.
433 Changes in release 0.0n:
435 * Incremental database propagation.
436 * Somewhat improved kadmin ui; the stuff in admin is now removed.
437 * Some support for using enctypes instead of keytypes.
438 * Lots of other improvement and bug fixes, see ChangeLog for details.