1Changes in release 0.3e 2 3 * rcp program included 4 5 * fix buffer overrun in ftpd 6 7 * handle omitted sequence numbers as zeroes to handle MIT krb5 that 8 cannot generate zero sequence numbers 9 10 * handle v4 /.k files better 11 12 * configure/portability fixes 13 14 * fixes in parsing of options to kadmin (sub-)commands 15 16 * handle errors in kadmin load better 17 18 * bug fixes 19 20Changes in release 0.3d 21 22 * add krb5-config 23 24 * fix a bug in 3des gss-api mechanism, making it compatible with the 25 specification and the MIT implementation 26 27 * make telnetd only allow a specific list of environment variables to 28 stop it from setting `sensitive' variables 29 30 * try to use an existing libdes 31 32 * lib/krb5, kdc: use correct usage type for ap-req messages. This 33 should improve compatability with MIT krb5 when using 3DES 34 encryption types 35 36 * kdc: fix memory allocation problem 37 38 * update config.guess and config.sub 39 40 * lib/roken: more stuff implemented 41 42 * bug fixes and portability enhancements 43 44Changes in release 0.3c 45 46 * lib/krb5: memory caches now support the resolve operation 47 48 * appl/login: set PATH to some sane default 49 50 * kadmind: handle several realms 51 52 * bug fixes (including memory leaks) 53 54Changes in release 0.3b 55 56 * kdc: prefer default-salted keys on v5 requests 57 58 * kdc: lowercase hostnames in v4 mode 59 60 * hprop: handle more types of MIT salts 61 62 * lib/krb5: fix memory leak 63 64 * bug fixes 65 66Changes in release 0.3a: 67 68 * implement arcfour-hmac-md5 to interoperate with W2K 69 70 * modularise the handling of the master key, and allow for other 71 encryption types. This makes it easier to import a database from 72 some other source without having to re-encrypt all keys. 73 74 * allow for better control over which encryption types are created 75 76 * make kinit fallback to v4 if given a v4 KDC 77 78 * make klist work better with v4 and v5, and add some more MIT 79 compatibility options 80 81 * make the kdc listen on the krb524 (4444) port for compatibility 82 with MIT krb5 clients 83 84 * implement more DCE/DFS support, enabled with --enable-dce, see 85 lib/kdfs and appl/dceutils 86 87 * make the sequence numbers work correctly 88 89 * bug fixes 90 91Changes in release 0.2t: 92 93 * bug fixes 94 95Changes in release 0.2s: 96 97 * add OpenLDAP support in hdb 98 99 * login will get v4 tickets when it receives forwarded tickets 100 101 * xnlock supports both v5 and v4 102 103 * repair source routing for telnet 104 105 * fix building problems with krb4 (krb_mk_req) 106 107 * bug fixes 108 109Changes in release 0.2r: 110 111 * fix realloc memory corruption bug in kdc 112 113 * `add --key' and `cpw --key' in kadmin 114 115 * klist supports listing v4 tickets 116 117 * update config.guess and config.sub 118 119 * make v4 -> v5 principal name conversion more robust 120 121 * support for anonymous tickets 122 123 * new man-pages 124 125 * telnetd: do not negotiate KERBEROS5 authentication if there's no keytab. 126 127 * use and set expiration and not password expiration when dumping 128 to/from ka server databases / krb4 databases 129 130 * make the code happier with 64-bit time_t 131 132 * follow RFC2782 and by default do not look for non-underscore SRV names 133 134Changes in release 0.2q: 135 136 * bug fix in tcp-handling in kdc 137 138 * bug fix in expand_hostname 139 140Changes in release 0.2p: 141 142 * bug fix in `kadmin load/merge' 143 144 * bug fix in krb5_parse_address 145 146Changes in release 0.2o: 147 148 * gss_{import,export}_sec_context added to libgssapi 149 150 * new option --addresses to kdc (for listening on an explicit set of 151 addresses) 152 153 * bug fixes in the krb4 and kaserver emulation part of the kdc 154 155 * other bug fixes 156 157Changes in release 0.2n: 158 159 * more robust parsing of dump files in kadmin 160 * changed default timestamp format for log messages to extended ISO 161 8601 format (Y-M-DTH:M:S) 162 * changed md4/md5/sha1 APIes to be de-facto `standard' 163 * always make hostname into lower-case before creating principal 164 * small bits of more MIT-compatability 165 * bug fixes 166 167Changes in release 0.2m: 168 169 * handle glibc's getaddrinfo() that returns several ai_canonname 170 171 * new endian test 172 173 * man pages fixes 174 175Changes in release 0.2l: 176 177 * bug fixes 178 179Changes in release 0.2k: 180 181 * better IPv6 test 182 183 * make struct sockaddr_storage in roken work better on alphas 184 185 * some missing [hn]to[hn]s fixed. 186 187 * allow users to change their own passwords with kadmin (with initial 188 tickets) 189 190 * fix stupid bug in parsing KDC specification 191 192 * add `ktutil change' and `ktutil purge' 193 194Changes in release 0.2j: 195 196 * builds on Irix 197 198 * ftpd works in passive mode 199 200 * should build on cygwin 201 202 * work around broken IPv6-code on OpenBSD 2.6, also add configure 203 option --disable-ipv6 204 205Changes in release 0.2i: 206 207 * use getaddrinfo in the missing places. 208 209 * fix SRV lookup for admin server 210 211 * use get{addr,name}info everywhere. and implement it in terms of 212 getipnodeby{name,addr} (which uses gethostbyname{,2} and 213 gethostbyaddr) 214 215Changes in release 0.2h: 216 217 * fix typo in kx (now compiles) 218 219Changes in release 0.2g: 220 221 * lots of bug fixes: 222 * push works 223 * repair appl/test programs 224 * sockaddr_storage works on solaris (alignment issues) 225 * works better with non-roken getaddrinfo 226 * rsh works 227 * some non standard C constructs removed 228 229Changes in release 0.2f: 230 231 * support SRV records for kpasswd 232 * look for both _kerberos and krb5-realm when doing host -> realm mapping 233 234Changes in release 0.2e: 235 236 * changed copyright notices to remove `advertising'-clause. 237 * get{addr,name}info added to roken and used in the other code 238 (this makes things work much better with hosts with both v4 and v6 239 addresses, among other things) 240 * do pre-auth for both password and key-based get_in_tkt 241 * support for having several databases 242 * new command `del_enctype' in kadmin 243 * strptime (and new strftime) add to roken 244 * more paranoia about finding libdb 245 * bug fixes 246 247Changes in release 0.2d: 248 249 * new configuration option [libdefaults]default_etypes_des 250 * internal ls in ftpd builds without KRB4 251 * kx/rsh/push/pop_debug tries v5 and v4 consistenly 252 * build bug fixes 253 * other bug fixes 254 255Changes in release 0.2c: 256 257 * bug fixes (see ChangeLog's for details) 258 259Changes in release 0.2b: 260 261 * bug fixes 262 * actually bump shared library versions 263 264Changes in release 0.2a: 265 266 * a new program verify_krb5_conf for checking your /etc/krb5.conf 267 * add 3DES keys when changing password 268 * support null keys in database 269 * support multiple local realms 270 * implement a keytab backend for AFS KeyFile's 271 * implement a keytab backend for v4 srvtabs 272 * implement `ktutil copy' 273 * support password quality control in v4 kadmind 274 * improvements in v4 compat kadmind 275 * handle the case of having the correct cred in the ccache but with 276 the wrong encryption type better 277 * v6-ify the remaining programs. 278 * internal ls in ftpd 279 * rename strcpy_truncate/strcat_truncate to strlcpy/strlcat 280 * add `ank --random-password' and `cpw --random-password' in kadmin 281 * some programs and documentation for trying to talk to a W2K KDC 282 * bug fixes 283 284Changes in release 0.1m: 285 286 * support for getting default from krb5.conf for kinit/kf/rsh/telnet. 287 From Miroslav Ruda <ruda@ics.muni.cz> 288 * v6-ify hprop and hpropd 289 * support numeric addresses in krb5_mk_req 290 * shadow support in login and su. From Miroslav Ruda <ruda@ics.muni.cz> 291 * make rsh/rshd IPv6-aware 292 * make the gssapi sample applications better at reporting errors 293 * lots of bug fixes 294 * handle systems with v6-aware libc and non-v6 kernels (like Linux 295 with glibc 2.1) better 296 * hide failure of ERPT in ftp 297 * lots of bug fixes 298 299Changes in release 0.1l: 300 301 * make ftp and ftpd IPv6-aware 302 * add inet_pton to roken 303 * more IPv6-awareness 304 * make mini_inetd v6 aware 305 306Changes in release 0.1k: 307 308 * bump shared libraries versions 309 * add roken version of inet_ntop 310 * merge more changes to rshd 311 312Changes in release 0.1j: 313 314 * restore back to the `old' 3DES code. This was supposed to be done 315 in 0.1h and 0.1i but I did a CVS screw-up. 316 * make telnetd handle v6 connections 317 318Changes in release 0.1i: 319 320 * start using `struct sockaddr_storage' which simplifies the code 321 (with a fallback definition if it's not defined) 322 * bug fixes (including in hprop and kf) 323 * don't use mawk which seems to mishandle roken.awk 324 * get_addrs should be able to handle v6 addresses on Linux (with the 325 required patch to the Linux kernel -- ask within) 326 * rshd builds with shadow passwords 327 328Changes in release 0.1h: 329 330 * kf: new program for forwarding credentials 331 * portability fixes 332 * make forwarding credentials work with MIT code 333 * better conversion of ka database 334 * add etc/services.append 335 * correct `modified by' from kpasswdd 336 * lots of bug fixes 337 338Changes in release 0.1g: 339 340 * kgetcred: new program for explicitly obtaining tickets 341 * configure fixes 342 * krb5-aware kx 343 * bug fixes 344 345Changes in release 0.1f; 346 347 * experimental support for v4 kadmin protokoll in kadmind 348 * bug fixes 349 350Changes in release 0.1e: 351 352 * try to handle old DCE and MIT kdcs 353 * support for older versions of credential cache files and keytabs 354 * postdated tickets work 355 * support for password quality checks in kpasswdd 356 * new flag --enable-kaserver for kdc 357 * renew fixes 358 * prototype su program 359 * updated (some) manpages 360 * support for KDC resource records 361 * should build with --without-krb4 362 * bug fixes 363 364Changes in release 0.1d: 365 366 * Support building with DB2 (uses 1.85-compat API) 367 * Support krb5-realm.DOMAIN in DNS 368 * new `ktutil srvcreate' 369 * v4/kafs support in klist/kdestroy 370 * bug fixes 371 372Changes in release 0.1c: 373 374 * fix ASN.1 encoding of signed integers 375 * somewhat working `ktutil get' 376 * some documentation updates 377 * update to Autoconf 2.13 and Automake 1.4 378 * the usual bug fixes 379 380Changes in release 0.1b: 381 382 * some old -> new crypto conversion utils 383 * bug fixes 384 385Changes in release 0.1a: 386 387 * new crypto code 388 * more bug fixes 389 * make sure we ask for DES keys in gssapi 390 * support signed ints in ASN1 391 * IPv6-bug fixes 392 393Changes in release 0.0u: 394 395 * lots of bug fixes 396 397Changes in release 0.0t: 398 399 * more robust parsing of krb5.conf 400 * include net{read,write} in lib/roken 401 * bug fixes 402 403Changes in release 0.0s: 404 405 * kludges for parsing options to rsh 406 * more robust parsing of krb5.conf 407 * removed some arbitrary limits 408 * bug fixes 409 410Changes in release 0.0r: 411 412 * default options for some programs 413 * bug fixes 414 415Changes in release 0.0q: 416 417 * support for building shared libraries with libtool 418 * bug fixes 419 420Changes in release 0.0p: 421 422 * keytab moved to /etc/krb5.keytab 423 * avoid false detection of IPv6 on Linux 424 * Lots of more functionality in the gssapi-library 425 * hprop can now read ka-server databases 426 * bug fixes 427 428Changes in release 0.0o: 429 430 * FTP with GSSAPI support. 431 * Bug fixes. 432 433Changes in release 0.0n: 434 435 * Incremental database propagation. 436 * Somewhat improved kadmin ui; the stuff in admin is now removed. 437 * Some support for using enctypes instead of keytypes. 438 * Lots of other improvement and bug fixes, see ChangeLog for details. 439