Changes in release 0.3f

 * change default keytab to ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab,
   the new keytab type that tries both of these in order (SRVTAB is
   also an alias for krb4:)

 * improve error reporting and error handling (error messages should
   be more detailed and more useful)

 * improve building with OpenSSL

 * add kadmin -K, rcp -F

 * fix two incorrect weak DES keys

 * fix building of kaserver compat in KDC

 * the API is closer to what MIT krb5 is using

 * more compatible with Windows 2000

 * removed some memory leaks

 * bug fixes

Changes in release 0.3e

 * rcp program included

 * fix buffer overrun in ftpd

 * handle omitted sequence numbers as zeroes to handle MIT krb5 that
   cannot generate zero sequence numbers

 * handle v4 /.k files better

 * configure/portability fixes

 * fixes in parsing of options to kadmin (sub-)commands

 * handle errors in kadmin load better

 * bug fixes

Changes in release 0.3d

 * add krb5-config

 * fix a bug in 3des gss-api mechanism, making it compatible with the
   specification and the MIT implementation

 * make telnetd only allow a specific list of environment variables to
   stop it from setting `sensitive' variables

 * try to use an existing libdes

 * lib/krb5, kdc: use correct usage type for ap-req messages.  This
   should improve compatibility with MIT krb5 when using 3DES
   encryption types

 * kdc: fix memory allocation problem

 * update config.guess and config.sub

 * lib/roken: more stuff implemented

 * bug fixes and portability enhancements

Changes in release 0.3c

 * lib/krb5: memory caches now support the resolve operation

 * appl/login: set PATH to some sane default

 * kadmind: handle several realms

 * bug fixes (including memory leaks)

Changes in release 0.3b

 * kdc: prefer default-salted keys on v5 requests

 * kdc: lowercase hostnames in v4 mode

 * hprop: handle more types of MIT salts

 * lib/krb5: fix memory leak

 * bug fixes

Changes in release 0.3a:

 * implement arcfour-hmac-md5 to interoperate with W2K

 * modularise the handling of the master key, and allow for other
   encryption types. This makes it easier to import a database from
   some other source without having to re-encrypt all keys.

 * allow for better control over which encryption types are created

 * make kinit fall back to v4 if given a v4 KDC

 * make klist work better with v4 and v5, and add some more MIT
   compatibility options

 * make the kdc listen on the krb524 (4444) port for compatibility
   with MIT krb5 clients

 * implement more DCE/DFS support, enabled with --enable-dce, see
   lib/kdfs and appl/dceutils

 * make the sequence numbers work correctly

 * bug fixes

Changes in release 0.2t:

 * bug fixes

Changes in release 0.2s:

 * add OpenLDAP support in hdb

 * login will get v4 tickets when it receives forwarded tickets

 * xnlock supports both v5 and v4

 * repair source routing for telnet

 * fix building problems with krb4 (krb_mk_req)

 * bug fixes

Changes in release 0.2r:

 * fix realloc memory corruption bug in kdc

 * `add --key' and `cpw --key' in kadmin

 * klist supports listing v4 tickets

 * update config.guess and config.sub

 * make v4 -> v5 principal name conversion more robust

 * support for anonymous tickets

 * new man-pages

 * telnetd: do not negotiate KERBEROS5 authentication if there's no keytab.

 * use and set expiration and not password expiration when dumping
   to/from ka server databases / krb4 databases

 * make the code happier with 64-bit time_t

 * follow RFC2782 and by default do not look for non-underscore SRV names

Changes in release 0.2q:

 * bug fix in tcp-handling in kdc

 * bug fix in expand_hostname

Changes in release 0.2p:

 * bug fix in `kadmin load/merge'

 * bug fix in krb5_parse_address

Changes in release 0.2o:

 * gss_{import,export}_sec_context added to libgssapi

 * new option --addresses to kdc (for listening on an explicit set of
   addresses)

 * bug fixes in the krb4 and kaserver emulation part of the kdc

 * other bug fixes

Changes in release 0.2n:

 * more robust parsing of dump files in kadmin
 * changed default timestamp format for log messages to extended ISO
   8601 format (Y-M-DTH:M:S)
 * changed md4/md5/sha1 APIs to be de-facto `standard'
 * always make hostname into lower-case before creating principal
 * small bits of more MIT-compatibility
 * bug fixes

Changes in release 0.2m:

 * handle glibc's getaddrinfo() that returns several ai_canonname

 * new endian test

 * man pages fixes

Changes in release 0.2l:

 * bug fixes

Changes in release 0.2k:

 * better IPv6 test

 * make struct sockaddr_storage in roken work better on alphas

 * some missing [hn]to[hn]s fixed.

 * allow users to change their own passwords with kadmin (with initial
   tickets)

 * fix stupid bug in parsing KDC specification

 * add `ktutil change' and `ktutil purge'

Changes in release 0.2j:

 * builds on Irix

 * ftpd works in passive mode

 * should build on cygwin

 * work around broken IPv6-code on OpenBSD 2.6, also add configure
   option --disable-ipv6

Changes in release 0.2i:

 * use getaddrinfo in the missing places.

 * fix SRV lookup for admin server

 * use get{addr,name}info everywhere.  and implement it in terms of
   getipnodeby{name,addr} (which uses gethostbyname{,2} and
   gethostbyaddr)

Changes in release 0.2h:

 * fix typo in kx (now compiles)

Changes in release 0.2g:

 * lots of bug fixes:
   * push works
   * repair appl/test programs
   * sockaddr_storage works on solaris (alignment issues)
   * works better with non-roken getaddrinfo
   * rsh works
   * some non standard C constructs removed

Changes in release 0.2f:

 * support SRV records for kpasswd
 * look for both _kerberos and krb5-realm when doing host -> realm mapping

Changes in release 0.2e:

 * changed copyright notices to remove `advertising'-clause.
 * get{addr,name}info added to roken and used in the other code
   (this makes things work much better with hosts with both v4 and v6
   addresses, among other things)
 * do pre-auth for both password and key-based get_in_tkt
 * support for having several databases
 * new command `del_enctype' in kadmin
 * strptime (and new strftime) added to roken
 * more paranoia about finding libdb
 * bug fixes

Changes in release 0.2d:

 * new configuration option [libdefaults]default_etypes_des
 * internal ls in ftpd builds without KRB4
 * kx/rsh/push/pop_debug tries v5 and v4 consistently
 * build bug fixes
 * other bug fixes

Changes in release 0.2c:

 * bug fixes (see ChangeLog's for details)

Changes in release 0.2b:

 * bug fixes
 * actually bump shared library versions

Changes in release 0.2a:

 * a new program verify_krb5_conf for checking your /etc/krb5.conf
 * add 3DES keys when changing password
 * support null keys in database
 * support multiple local realms
 * implement a keytab backend for AFS KeyFile's
 * implement a keytab backend for v4 srvtabs
 * implement `ktutil copy'
 * support password quality control in v4 kadmind
 * improvements in v4 compat kadmind
 * handle the case of having the correct cred in the ccache but with
   the wrong encryption type better
 * v6-ify the remaining programs.
 * internal ls in ftpd
 * rename strcpy_truncate/strcat_truncate to strlcpy/strlcat
 * add `ank --random-password' and `cpw --random-password' in kadmin
 * some programs and documentation for trying to talk to a W2K KDC
 * bug fixes

Changes in release 0.1m:

 * support for getting default from krb5.conf for kinit/kf/rsh/telnet.
   From Miroslav Ruda <ruda@ics.muni.cz>
 * v6-ify hprop and hpropd
 * support numeric addresses in krb5_mk_req
 * shadow support in login and su. From Miroslav Ruda <ruda@ics.muni.cz>
 * make rsh/rshd IPv6-aware
 * make the gssapi sample applications better at reporting errors
 * lots of bug fixes
 * handle systems with v6-aware libc and non-v6 kernels (like Linux
   with glibc 2.1) better
 * hide failure of ERPT in ftp
 * lots of bug fixes

Changes in release 0.1l:

 * make ftp and ftpd IPv6-aware
 * add inet_pton to roken
 * more IPv6-awareness
 * make mini_inetd v6 aware

Changes in release 0.1k:

 * bump shared libraries versions
 * add roken version of inet_ntop
 * merge more changes to rshd

Changes in release 0.1j:

 * restore back to the `old' 3DES code.  This was supposed to be done
   in 0.1h and 0.1i but I did a CVS screw-up.
 * make telnetd handle v6 connections

Changes in release 0.1i:

 * start using `struct sockaddr_storage' which simplifies the code
   (with a fallback definition if it's not defined)
 * bug fixes (including in hprop and kf)
 * don't use mawk which seems to mishandle roken.awk
 * get_addrs should be able to handle v6 addresses on Linux (with the
   required patch to the Linux kernel -- ask within)
 * rshd builds with shadow passwords

Changes in release 0.1h:

 * kf: new program for forwarding credentials
 * portability fixes
 * make forwarding credentials work with MIT code
 * better conversion of ka database
 * add etc/services.append
 * correct `modified by' from kpasswdd
 * lots of bug fixes

Changes in release 0.1g:

 * kgetcred: new program for explicitly obtaining tickets
 * configure fixes
 * krb5-aware kx
 * bug fixes

Changes in release 0.1f:

 * experimental support for v4 kadmin protocol in kadmind
 * bug fixes

Changes in release 0.1e:

 * try to handle old DCE and MIT kdcs
 * support for older versions of credential cache files and keytabs
 * postdated tickets work
 * support for password quality checks in kpasswdd
 * new flag --enable-kaserver for kdc
 * renew fixes
 * prototype su program
 * updated (some) manpages
 * support for KDC resource records
 * should build with --without-krb4
 * bug fixes

Changes in release 0.1d:

 * Support building with DB2 (uses 1.85-compat API)
 * Support krb5-realm.DOMAIN in DNS
 * new `ktutil srvcreate'
 * v4/kafs support in klist/kdestroy
 * bug fixes

Changes in release 0.1c:

 * fix ASN.1 encoding of signed integers
 * somewhat working `ktutil get'
 * some documentation updates
 * update to Autoconf 2.13 and Automake 1.4
 * the usual bug fixes

Changes in release 0.1b:

 * some old -> new crypto conversion utils
 * bug fixes

Changes in release 0.1a:

 * new crypto code
 * more bug fixes
 * make sure we ask for DES keys in gssapi
 * support signed ints in ASN1
 * IPv6-bug fixes

Changes in release 0.0u:

 * lots of bug fixes

Changes in release 0.0t:

 * more robust parsing of krb5.conf
 * include net{read,write} in lib/roken
 * bug fixes

Changes in release 0.0s:

 * kludges for parsing options to rsh
 * more robust parsing of krb5.conf
 * removed some arbitrary limits
 * bug fixes

Changes in release 0.0r:

 * default options for some programs
 * bug fixes

Changes in release 0.0q:

 * support for building shared libraries with libtool
 * bug fixes

Changes in release 0.0p:

 * keytab moved to /etc/krb5.keytab
 * avoid false detection of IPv6 on Linux
 * Lots of more functionality in the gssapi-library
 * hprop can now read ka-server databases
 * bug fixes

Changes in release 0.0o:

 * FTP with GSSAPI support.
 * Bug fixes.

Changes in release 0.0n:

 * Incremental database propagation.
 * Somewhat improved kadmin ui; the stuff in admin is now removed.
 * Some support for using enctypes instead of keytypes.
 * Lots of other improvements and bug fixes, see ChangeLog for details.