1Release Notes - Heimdal - Version Heimdal 1.5.2 2 3 Security fixes 4 - CVE-2011-4862 Buffer overflow in libtelnet/encrypt.c in telnetd - escalation of privilege 5 - Check that key types strictly match - denial of service 6 7Release Notes - Heimdal - Version Heimdal 1.5.1 8 9 Bug fixes 10 - Fix building on Solaris, requires c99 11 - Fix building on Windows 12 - Build system updates 13 14Release Notes - Heimdal - Version Heimdal 1.5 15 16New features 17 18 - Support GSS name extensions/attributes 19 - SHA512 support 20 - No Kerberos 4 support 21 - Basic support for MIT Admin protocol (SECGSS flavor) 22 in kadmind (extract keytab) 23 - Replace editline with libedit 24 25Release Notes - Heimdal - Version Heimdal 1.4 26 27 New features 28 29 - Support for reading MIT database file directly 30 - KCM is polished up and now used in production 31 - NTLM first class citizen, credentials stored in KCM 32 - Table driven ASN.1 compiler, smaller!, not enabled by default 33 - Native Windows client support 34 35Notes 36 37 - Disabled write support NDBM hdb backend (read still in there) since 38 it can't handle large records, please migrate to a diffrent backend 39 (like BDB4) 40 41Release Notes - Heimdal - Version Heimdal 1.3.3 42 43 Bug fixes 44 - Check the GSS-API checksum exists before trying to use it [CVE-2010-1321] 45 - Check NULL pointers before dereference them [kdc] 46 47Release Notes - Heimdal - Version Heimdal 1.3.2 48 49 Bug fixes 50 51 - Don't mix length when clearing hmac (could memset too much) 52 - More paranoid underrun checking when decrypting packets 53 - Check the password change requests and refuse to answer empty packets 54 - Build on OpenSolaris 55 - Renumber AD-SIGNED-TICKET since it was stolen from US 56 - Don't cache /dev/*random file descriptor, it doesn't get unloaded 57 - Make C++ safe 58 - Misc warnings 59 60Release Notes - Heimdal - Version Heimdal 1.3.1 61 62 Bug fixes 63 64 - Store KDC offset in credentials 65 - Many many more bug fixes 66 67Release Notes - Heimdal - Version Heimdal 1.3.1 68 69 New features 70 71 - Make work with OpenLDAPs krb5 overlay 72 73Release Notes - Heimdal - Version Heimdal 1.3 74 75 New features 76 77 - Partial support for MIT kadmind rpc protocol in kadmind 78 - Better support for finding keytab entries when using SPN aliases in the KDC 79 - Support BER in ASN.1 library (needed for CMS) 80 - Support decryption in Keychain private keys 81 - Support for new sqlite based credential cache 82 - Try both KDC referals and the common DNS reverse lookup in GSS-API 83 - Fix the KCM to not leak resources on failure 84 - Add IPv6 support to iprop 85 - Support localization of error strings in 86 kinit/klist/kdestroy and Kerberos library 87 - Remove Kerberos 4 support in application (still in KDC) 88 - Deprecate DES 89 - Support i18n password in windows domains (using UTF-8) 90 - More complete API emulation of OpenSSL in hcrypto 91 - Support for ECDSA and ECDH when linking with OpenSSL 92 93 API changes 94 95 - Support for settin friendly name on credential caches 96 - Move to using doxygen to generate documentation. 97 - Sprinkling __attribute__((depricated)) for old function to be removed 98 - Support to export LAST-REQUST information in AS-REQ 99 - Support for client deferrals in in AS-REQ 100 - Add seek support for krb5_storage. 101 - Support for split AS-REQ, first step for IA-KERB 102 - Fix many memory leaks and bugs 103 - Improved regression test 104 - Support krb5_cccol 105 - Switch to krb5_set_error_message 106 - Support krb5_crypto_*_iov 107 - Switch to use EVP for most function 108 - Use SOCK_CLOEXEC and O_CLOEXEC (close on exec) 109 - Add support for GSS_C_DELEG_POLICY_FLAG 110 - Add krb5_cc_[gs]et_config to store data in the credential caches 111 - PTY testing application 112 113Bugfixes 114 - Make building on AIX6 possible. 115 - Bugfixes in LDAP KDC code to make it more stable 116 - Make ipropd-slave reconnect when master down gown 117 118 119Release Notes - Heimdal - Version Heimdal 1.2.1 120 121* Bug 122 123 [HEIMDAL-147] - Heimdal 1.2 not compiling on Solaris 124 [HEIMDAL-151] - Make canned tests work again after cert expired 125 [HEIMDAL-152] - iprop test: use full hostname to avoid realm 126 resolving errors 127 [HEIMDAL-153] - ftp: Use the correct length for unmap, msync 128 129Release Notes - Heimdal - Version Heimdal 1.2 130 131* Bug 132 133 [HEIMDAL-10] - Follow-up on bug report for SEGFAULT in 134 gss_display_name/gss_export_name when using SPNEGO 135 [HEIMDAL-15] - Re: [Heimdal-bugs] potential bug in Heimdal 1.1 136 [HEIMDAL-17] - Remove support for depricated [libdefaults]capath 137 [HEIMDAL-52] - hdb overwrite aliases for db databases 138 [HEIMDAL-54] - Two issues which affect credentials delegation 139 [HEIMDAL-58] - sockbuf.c calls setsockopt with bad args 140 [HEIMDAL-62] - Fix printing of sig_atomic_t 141 [HEIMDAL-87] - heimdal 1.1 not building under cygwin in hcrypto 142 [HEIMDAL-105] - rcp: sync rcp with upstream bsd rcp codebase 143 [HEIMDAL-117] - Use libtool to detect symbol versioning (Debian Bug#453241) 144 145* Improvement 146 [HEIMDAL-67] - Fix locking and store credential in atomic writes 147 in the FILE credential cache 148 [HEIMDAL-106] - make compile on cygwin again 149 [HEIMDAL-107] - Replace old random key generation in des module 150 and use it with RAND_ function instead 151 [HEIMDAL-115] - Better documentation and compatibility in hcrypto 152 in regards to OpenSSL 153 154* New Feature 155 [HEIMDAL-3] - pkinit alg agility PRF test vectors 156 [HEIMDAL-14] - Add libwind to Heimdal 157 [HEIMDAL-16] - Use libwind in hx509 158 [HEIMDAL-55] - Add flag to krb5 to not add GSS-API INT|CONF to 159 the negotiation 160 [HEIMDAL-74] - Add support to report extended error message back 161 in AS-REQ to support windows clients 162 [HEIMDAL-116] - test pty based application (using rkpty) 163 [HEIMDAL-120] - Use new OpenLDAP API (older deprecated) 164 165* Task 166 [HEIMDAL-63] - Dont try key usage KRB5_KU_AP_REQ_AUTH for TGS-REQ. 167 This drop compatibility with pre 0.3d KDCs. 168 [HEIMDAL-64] - kcm: first implementation of kcm-move-cache 169 [HEIMDAL-65] - Failed to compile with --disable-pk-init 170 [HEIMDAL-80] - verify that [VU#162289]: gcc silently discards some 171 wraparound checks doesn't apply to Heimdal 172 173Changes in release 1.1 174 175 * Read-only PKCS11 provider built-in to hx509. 176 177 * Documentation for hx509, hcrypto and ntlm libraries improved. 178 179 * Better compatibilty with Windows 2008 Server pre-releases and Vista. 180 181 * Mac OS X 10.5 support for native credential cache. 182 183 * Provide pkg-config file for Heimdal (heimdal-gssapi.pc). 184 185 * Bug fixes. 186 187Changes in release 1.0.2 188 189* Ubuntu packages. 190 191* Bug fixes. 192 193Changes in release 1.0.1 194 195 * Serveral bug fixes to iprop. 196 197 * Make work on platforms without dlopen. 198 199 * Add RFC3526 modp group14 as default. 200 201 * Handle [kdc] database = { } entries without realm = stanzas. 202 203 * Make krb5_get_renewed_creds work. 204 205 * Make kaserver preauth work again. 206 207 * Bug fixes. 208 209Changes in release 1.0 210 211 * Add gss_pseudo_random() for mechglue and krb5. 212 213 * Make session key for the krbtgt be selected by the best encryption 214 type of the client. 215 216 * Better interoperability with other PK-INIT implementations. 217 218 * Inital support for Mac OS X Keychain for hx509. 219 220 * Alias support for inital ticket requests. 221 222 * Add symbol versioning to selected libraries on platforms that uses 223 GNU link editor: gssapi, hcrypto, heimntlm, hx509, krb5, and libkdc. 224 225 * New version of imath included in hcrypto. 226 227 * Fix memory leaks. 228 229 * Bugs fixes. 230 231Changes in release 0.8.1 232 233 * Make ASN.1 library less paranoid to with regard to NUL in string to 234 make it inter-operate with MIT Kerberos again. 235 236 * Make GSS-API library work again when using gss_acquire_cred 237 238 * Add symbol versioning to libgssapi when using GNU ld. 239 240 * Fix memory leaks 241 242 * Bugs fixes 243 244Changes in release 0.8 245 246 * PK-INIT support. 247 248 * HDB extensions support, used by PK-INIT. 249 250 * New ASN.1 compiler. 251 252 * GSS-API mechglue from FreeBSD. 253 254 * Updated SPNEGO to support RFC4178. 255 256 * Support for Cryptosystem Negotiation Extension (RFC 4537). 257 258 * A new X.509 library (hx509) and related crypto functions. 259 260 * A new ntlm library (heimntlm) and related crypto functions. 261 262 * Updated the built-in crypto library with bignum support using 263 imath, support for RSA and DH and renamed it to libhcrypto. 264 265 * Subsystem in the KDC, digest, that will perform the digest 266 operation in the KDC, currently supports: CHAP, MS-CHAP-V2, SASL 267 DIGEST-MD5 NTLMv1 and NTLMv2. 268 269 * KDC will return the "response too big" error to force TCP retries 270 for large (default 1400 bytes) UDP replies. This is common for 271 PK-INIT requests. 272 273 * Libkafs defaults to use 2b tokens. 274 275 * Default to use the API cache on Mac OS X. 276 277 * krb5_kuserok() also checks ~/.k5login.d directory for acl files, 278 see manpage for krb5_kuserok for description. 279 280 * Many, many, other updates to code and info manual and manual pages. 281 282 * Bug fixes 283 284Changes in release 0.7.2 285 286* Fix security problem in rshd that enable an attacker to overwrite 287 and change ownership of any file that root could write. 288 289* Fix a DOS in telnetd. The attacker could force the server to crash 290 in a NULL de-reference before the user logged in, resulting in inetd 291 turning telnetd off because it forked too fast. 292 293* Make gss_acquire_cred(GSS_C_ACCEPT) check that the requested name 294 exists in the keytab before returning success. This allows servers 295 to check if its even possible to use GSSAPI. 296 297* Fix receiving end of token delegation for GSS-API. It still wrongly 298 uses subkey for sending for compatibility reasons, this will change 299 in 0.8. 300 301* telnetd, login and rshd are now more verbose in logging failed and 302 successful logins. 303 304* Bug fixes 305 306Changes in release 0.7.1 307 308* Bug fixes 309 310Changes in release 0.7 311 312 * Support for KCM, a process based credential cache 313 314 * Support CCAPI credential cache 315 316 * SPNEGO support 317 318 * AES (and the gssapi conterpart, CFX) support 319 320 * Adding new and improve old documentation 321 322 * Bug fixes 323 324Changes in release 0.6.6 325 326* Fix security problem in rshd that enable an attacker to overwrite 327 and change ownership of any file that root could write. 328 329* Fix a DOS in telnetd. The attacker could force the server to crash 330 in a NULL de-reference before the user logged in, resulting in inetd 331 turning telnetd off because it forked too fast. 332 333Changes in release 0.6.5 334 335 * fix vulnerabilities in telnetd 336 337 * unbreak Kerberos 4 and kaserver 338 339Changes in release 0.6.4 340 341 * fix vulnerabilities in telnet 342 343 * rshd: encryption without a separate error socket should now work 344 345 * telnet now uses appdefaults for the encrypt and forward/forwardable 346 settings 347 348 * bug fixes 349 350Changes in release 0.6.3 351 352 * fix vulnerabilities in ftpd 353 354 * support for linux AFS /proc "syscalls" 355 356 * support for RFC3244 (Windows 2000 Kerberos Change/Set Password) in 357 kpasswdd 358 359 * fix possible KDC denial of service 360 361 * bug fixes 362 363Changes in release 0.6.2 364 365 * Fix possible buffer overrun in v4 kadmin (which now defaults to off) 366 367Changes in release 0.6.1 368 369 * Fixed ARCFOUR suppport 370 371 * Cross realm vulnerability 372 373 * kdc: fix denial of service attack 374 375 * kdc: stop clients from renewing tickets into the future 376 377 * bug fixes 378 379Changes in release 0.6 380 381* The DES3 GSS-API mechanism has been changed to inter-operate with 382 other GSSAPI implementations. See man page for gssapi(3) how to turn 383 on generation of correct MIC messages. Next major release of heimdal 384 will generate correct MIC by default. 385 386* More complete GSS-API support 387 388* Better AFS support: kdc (524) supports 2b; 524 in kdc and AFS 389 support in applications no longer requires Kerberos 4 libs 390 391* Kerberos 4 support in kdc defaults to turned off (includes ka and 524) 392 393* other bug fixes 394 395Changes in release 0.5.2 396 397 * kdc: add option for disabling v4 cross-realm (defaults to off) 398 399 * bug fixes 400 401Changes in release 0.5.1 402 403 * kadmind: fix remote exploit 404 405 * kadmind: add option to disable kerberos 4 406 407 * kdc: make sure kaserver token life is positive 408 409 * telnet: use the session key if there is no subkey 410 411 * fix EPSV parsing in ftp 412 413 * other bug fixes 414 415Changes in release 0.5 416 417 * add --detach option to kdc 418 419 * allow setting forward and forwardable option in telnet from 420 .telnetrc, with override from command line 421 422 * accept addresses with or without ports in krb5_rd_cred 423 424 * make it work with modern openssl 425 426 * use our own string2key function even with openssl (that handles weak 427 keys incorrectly) 428 429 * more system-specific requirements in login 430 431 * do not use getlogin() to determine root in su 432 433 * telnet: abort if telnetd does not support encryption 434 435 * update autoconf to 2.53 436 437 * update config.guess, config.sub 438 439 * other bug fixes 440 441Changes in release 0.4e 442 443 * improve libcrypto and database autoconf tests 444 445 * do not care about salting of server principals when serving v4 requests 446 447 * some improvements to gssapi library 448 449 * test for existing compile_et/libcom_err 450 451 * portability fixes 452 453 * bug fixes 454 455Changes in release 0.4d 456 457 * fix some problems when using libcrypto from openssl 458 459 * handle /dev/ptmx `unix98' ptys on Linux 460 461 * add some forgotten man pages 462 463 * rsh: clean-up and add man page 464 465 * fix -A and -a in builtin-ls in tpd 466 467 * fix building problem on Irix 468 469 * make `ktutil get' more efficient 470 471 * bug fixes 472 473Changes in release 0.4c 474 475 * fix buffer overrun in telnetd 476 477 * repair some of the v4 fallback code in kinit 478 479 * add more shared library dependencies 480 481 * simplify and fix hprop handling of v4 databases 482 483 * fix some building problems (osf's sia and osfc2 login) 484 485 * bug fixes 486 487Changes in release 0.4b 488 489 * update the shared library version numbers correctly 490 491Changes in release 0.4a 492 493 * corrected key used for checksum in mk_safe, unfortunately this 494 makes it backwards incompatible 495 496 * update to autoconf 2.50, libtool 1.4 497 498 * re-write dns/config lookups (krb5_krbhst API) 499 500 * make order of using subkeys consistent 501 502 * add man page links 503 504 * add more man pages 505 506 * remove rfc2052 support, now only rfc2782 is supported 507 508 * always build with kaserver protocol support in the KDC (assuming 509 KRB4 is enabled) and support for reading kaserver databases in 510 hprop 511 512Changes in release 0.3f 513 514 * change default keytab to ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab, 515 the new keytab type that tries both of these in order (SRVTAB is 516 also an alias for krb4:) 517 518 * improve error reporting and error handling (error messages should 519 be more detailed and more useful) 520 521 * improve building with openssl 522 523 * add kadmin -K, rcp -F 524 525 * fix two incorrect weak DES keys 526 527 * fix building of kaserver compat in KDC 528 529 * the API is closer to what MIT krb5 is using 530 531 * more compatible with windows 2000 532 533 * removed some memory leaks 534 535 * bug fixes 536 537Changes in release 0.3e 538 539 * rcp program included 540 541 * fix buffer overrun in ftpd 542 543 * handle omitted sequence numbers as zeroes to handle MIT krb5 that 544 cannot generate zero sequence numbers 545 546 * handle v4 /.k files better 547 548 * configure/portability fixes 549 550 * fixes in parsing of options to kadmin (sub-)commands 551 552 * handle errors in kadmin load better 553 554 * bug fixes 555 556Changes in release 0.3d 557 558 * add krb5-config 559 560 * fix a bug in 3des gss-api mechanism, making it compatible with the 561 specification and the MIT implementation 562 563 * make telnetd only allow a specific list of environment variables to 564 stop it from setting `sensitive' variables 565 566 * try to use an existing libdes 567 568 * lib/krb5, kdc: use correct usage type for ap-req messages. This 569 should improve compatability with MIT krb5 when using 3DES 570 encryption types 571 572 * kdc: fix memory allocation problem 573 574 * update config.guess and config.sub 575 576 * lib/roken: more stuff implemented 577 578 * bug fixes and portability enhancements 579 580Changes in release 0.3c 581 582 * lib/krb5: memory caches now support the resolve operation 583 584 * appl/login: set PATH to some sane default 585 586 * kadmind: handle several realms 587 588 * bug fixes (including memory leaks) 589 590Changes in release 0.3b 591 592 * kdc: prefer default-salted keys on v5 requests 593 594 * kdc: lowercase hostnames in v4 mode 595 596 * hprop: handle more types of MIT salts 597 598 * lib/krb5: fix memory leak 599 600 * bug fixes 601 602Changes in release 0.3a: 603 604 * implement arcfour-hmac-md5 to interoperate with W2K 605 606 * modularise the handling of the master key, and allow for other 607 encryption types. This makes it easier to import a database from 608 some other source without having to re-encrypt all keys. 609 610 * allow for better control over which encryption types are created 611 612 * make kinit fallback to v4 if given a v4 KDC 613 614 * make klist work better with v4 and v5, and add some more MIT 615 compatibility options 616 617 * make the kdc listen on the krb524 (4444) port for compatibility 618 with MIT krb5 clients 619 620 * implement more DCE/DFS support, enabled with --enable-dce, see 621 lib/kdfs and appl/dceutils 622 623 * make the sequence numbers work correctly 624 625 * bug fixes 626 627Changes in release 0.2t: 628 629 * bug fixes 630 631Changes in release 0.2s: 632 633 * add OpenLDAP support in hdb 634 635 * login will get v4 tickets when it receives forwarded tickets 636 637 * xnlock supports both v5 and v4 638 639 * repair source routing for telnet 640 641 * fix building problems with krb4 (krb_mk_req) 642 643 * bug fixes 644 645Changes in release 0.2r: 646 647 * fix realloc memory corruption bug in kdc 648 649 * `add --key' and `cpw --key' in kadmin 650 651 * klist supports listing v4 tickets 652 653 * update config.guess and config.sub 654 655 * make v4 -> v5 principal name conversion more robust 656 657 * support for anonymous tickets 658 659 * new man-pages 660 661 * telnetd: do not negotiate KERBEROS5 authentication if there's no keytab. 662 663 * use and set expiration and not password expiration when dumping 664 to/from ka server databases / krb4 databases 665 666 * make the code happier with 64-bit time_t 667 668 * follow RFC2782 and by default do not look for non-underscore SRV names 669 670Changes in release 0.2q: 671 672 * bug fix in tcp-handling in kdc 673 674 * bug fix in expand_hostname 675 676Changes in release 0.2p: 677 678 * bug fix in `kadmin load/merge' 679 680 * bug fix in krb5_parse_address 681 682Changes in release 0.2o: 683 684 * gss_{import,export}_sec_context added to libgssapi 685 686 * new option --addresses to kdc (for listening on an explicit set of 687 addresses) 688 689 * bug fixes in the krb4 and kaserver emulation part of the kdc 690 691 * other bug fixes 692 693Changes in release 0.2n: 694 695 * more robust parsing of dump files in kadmin 696 * changed default timestamp format for log messages to extended ISO 697 8601 format (Y-M-DTH:M:S) 698 * changed md4/md5/sha1 APIes to be de-facto `standard' 699 * always make hostname into lower-case before creating principal 700 * small bits of more MIT-compatability 701 * bug fixes 702 703Changes in release 0.2m: 704 705 * handle glibc's getaddrinfo() that returns several ai_canonname 706 707 * new endian test 708 709 * man pages fixes 710 711Changes in release 0.2l: 712 713 * bug fixes 714 715Changes in release 0.2k: 716 717 * better IPv6 test 718 719 * make struct sockaddr_storage in roken work better on alphas 720 721 * some missing [hn]to[hn]s fixed. 722 723 * allow users to change their own passwords with kadmin (with initial 724 tickets) 725 726 * fix stupid bug in parsing KDC specification 727 728 * add `ktutil change' and `ktutil purge' 729 730Changes in release 0.2j: 731 732 * builds on Irix 733 734 * ftpd works in passive mode 735 736 * should build on cygwin 737 738 * work around broken IPv6-code on OpenBSD 2.6, also add configure 739 option --disable-ipv6 740 741Changes in release 0.2i: 742 743 * use getaddrinfo in the missing places. 744 745 * fix SRV lookup for admin server 746 747 * use get{addr,name}info everywhere. and implement it in terms of 748 getipnodeby{name,addr} (which uses gethostbyname{,2} and 749 gethostbyaddr) 750 751Changes in release 0.2h: 752 753 * fix typo in kx (now compiles) 754 755Changes in release 0.2g: 756 757 * lots of bug fixes: 758 * push works 759 * repair appl/test programs 760 * sockaddr_storage works on solaris (alignment issues) 761 * works better with non-roken getaddrinfo 762 * rsh works 763 * some non standard C constructs removed 764 765Changes in release 0.2f: 766 767 * support SRV records for kpasswd 768 * look for both _kerberos and krb5-realm when doing host -> realm mapping 769 770Changes in release 0.2e: 771 772 * changed copyright notices to remove `advertising'-clause. 773 * get{addr,name}info added to roken and used in the other code 774 (this makes things work much better with hosts with both v4 and v6 775 addresses, among other things) 776 * do pre-auth for both password and key-based get_in_tkt 777 * support for having several databases 778 * new command `del_enctype' in kadmin 779 * strptime (and new strftime) add to roken 780 * more paranoia about finding libdb 781 * bug fixes 782 783Changes in release 0.2d: 784 785 * new configuration option [libdefaults]default_etypes_des 786 * internal ls in ftpd builds without KRB4 787 * kx/rsh/push/pop_debug tries v5 and v4 consistenly 788 * build bug fixes 789 * other bug fixes 790 791Changes in release 0.2c: 792 793 * bug fixes (see ChangeLog's for details) 794 795Changes in release 0.2b: 796 797 * bug fixes 798 * actually bump shared library versions 799 800Changes in release 0.2a: 801 802 * a new program verify_krb5_conf for checking your /etc/krb5.conf 803 * add 3DES keys when changing password 804 * support null keys in database 805 * support multiple local realms 806 * implement a keytab backend for AFS KeyFile's 807 * implement a keytab backend for v4 srvtabs 808 * implement `ktutil copy' 809 * support password quality control in v4 kadmind 810 * improvements in v4 compat kadmind 811 * handle the case of having the correct cred in the ccache but with 812 the wrong encryption type better 813 * v6-ify the remaining programs. 814 * internal ls in ftpd 815 * rename strcpy_truncate/strcat_truncate to strlcpy/strlcat 816 * add `ank --random-password' and `cpw --random-password' in kadmin 817 * some programs and documentation for trying to talk to a W2K KDC 818 * bug fixes 819 820Changes in release 0.1m: 821 822 * support for getting default from krb5.conf for kinit/kf/rsh/telnet. 823 From Miroslav Ruda <ruda@ics.muni.cz> 824 * v6-ify hprop and hpropd 825 * support numeric addresses in krb5_mk_req 826 * shadow support in login and su. From Miroslav Ruda <ruda@ics.muni.cz> 827 * make rsh/rshd IPv6-aware 828 * make the gssapi sample applications better at reporting errors 829 * lots of bug fixes 830 * handle systems with v6-aware libc and non-v6 kernels (like Linux 831 with glibc 2.1) better 832 * hide failure of ERPT in ftp 833 * lots of bug fixes 834 835Changes in release 0.1l: 836 837 * make ftp and ftpd IPv6-aware 838 * add inet_pton to roken 839 * more IPv6-awareness 840 * make mini_inetd v6 aware 841 842Changes in release 0.1k: 843 844 * bump shared libraries versions 845 * add roken version of inet_ntop 846 * merge more changes to rshd 847 848Changes in release 0.1j: 849 850 * restore back to the `old' 3DES code. This was supposed to be done 851 in 0.1h and 0.1i but I did a CVS screw-up. 852 * make telnetd handle v6 connections 853 854Changes in release 0.1i: 855 856 * start using `struct sockaddr_storage' which simplifies the code 857 (with a fallback definition if it's not defined) 858 * bug fixes (including in hprop and kf) 859 * don't use mawk which seems to mishandle roken.awk 860 * get_addrs should be able to handle v6 addresses on Linux (with the 861 required patch to the Linux kernel -- ask within) 862 * rshd builds with shadow passwords 863 864Changes in release 0.1h: 865 866 * kf: new program for forwarding credentials 867 * portability fixes 868 * make forwarding credentials work with MIT code 869 * better conversion of ka database 870 * add etc/services.append 871 * correct `modified by' from kpasswdd 872 * lots of bug fixes 873 874Changes in release 0.1g: 875 876 * kgetcred: new program for explicitly obtaining tickets 877 * configure fixes 878 * krb5-aware kx 879 * bug fixes 880 881Changes in release 0.1f; 882 883 * experimental support for v4 kadmin protokoll in kadmind 884 * bug fixes 885 886Changes in release 0.1e: 887 888 * try to handle old DCE and MIT kdcs 889 * support for older versions of credential cache files and keytabs 890 * postdated tickets work 891 * support for password quality checks in kpasswdd 892 * new flag --enable-kaserver for kdc 893 * renew fixes 894 * prototype su program 895 * updated (some) manpages 896 * support for KDC resource records 897 * should build with --without-krb4 898 * bug fixes 899 900Changes in release 0.1d: 901 902 * Support building with DB2 (uses 1.85-compat API) 903 * Support krb5-realm.DOMAIN in DNS 904 * new `ktutil srvcreate' 905 * v4/kafs support in klist/kdestroy 906 * bug fixes 907 908Changes in release 0.1c: 909 910 * fix ASN.1 encoding of signed integers 911 * somewhat working `ktutil get' 912 * some documentation updates 913 * update to Autoconf 2.13 and Automake 1.4 914 * the usual bug fixes 915 916Changes in release 0.1b: 917 918 * some old -> new crypto conversion utils 919 * bug fixes 920 921Changes in release 0.1a: 922 923 * new crypto code 924 * more bug fixes 925 * make sure we ask for DES keys in gssapi 926 * support signed ints in ASN1 927 * IPv6-bug fixes 928 929Changes in release 0.0u: 930 931 * lots of bug fixes 932 933Changes in release 0.0t: 934 935 * more robust parsing of krb5.conf 936 * include net{read,write} in lib/roken 937 * bug fixes 938 939Changes in release 0.0s: 940 941 * kludges for parsing options to rsh 942 * more robust parsing of krb5.conf 943 * removed some arbitrary limits 944 * bug fixes 945 946Changes in release 0.0r: 947 948 * default options for some programs 949 * bug fixes 950 951Changes in release 0.0q: 952 953 * support for building shared libraries with libtool 954 * bug fixes 955 956Changes in release 0.0p: 957 958 * keytab moved to /etc/krb5.keytab 959 * avoid false detection of IPv6 on Linux 960 * Lots of more functionality in the gssapi-library 961 * hprop can now read ka-server databases 962 * bug fixes 963 964Changes in release 0.0o: 965 966 * FTP with GSSAPI support. 967 * Bug fixes. 968 969Changes in release 0.0n: 970 971 * Incremental database propagation. 972 * Somewhat improved kadmin ui; the stuff in admin is now removed. 973 * Some support for using enctypes instead of keytypes. 974 * Lots of other improvement and bug fixes, see ChangeLog for details. 975