1Changes in release 0.5 2 3 * add --detach option to kdc 4 5 * allow setting forward and forwardable option in telnet from 6 .telnetrc, with override from command line 7 8 * accept addresses with or without ports in krb5_rd_cred 9 10 * make it work with modern openssl 11 12 * use our own string2key function even with openssl (that handles weak 13 keys incorrectly) 14 15 * more system-specific requirements in login 16 17 * do not use getlogin() to determine root in su 18 19 * telnet: abort if telnetd does not support encryption 20 21 * update autoconf to 2.53 22 23 * update config.guess, config.sub 24 25 * other bug fixes 26 27Changes in release 0.4e 28 29 * improve libcrypto and database autoconf tests 30 31 * do not care about salting of server principals when serving v4 requests 32 33 * some improvements to gssapi library 34 35 * test for existing compile_et/libcom_err 36 37 * portability fixes 38 39 * bug fixes 40 41Changes in release 0.4d 42 43 * fix some problems when using libcrypto from openssl 44 45 * handle /dev/ptmx `unix98' ptys on Linux 46 47 * add some forgotten man pages 48 49 * rsh: clean-up and add man page 50 51 * fix -A and -a in builtin-ls in tpd 52 53 * fix building problem on Irix 54 55 * make `ktutil get' more efficient 56 57 * bug fixes 58 59Changes in release 0.4c 60 61 * fix buffer overrun in telnetd 62 63 * repair some of the v4 fallback code in kinit 64 65 * add more shared library dependencies 66 67 * simplify and fix hprop handling of v4 databases 68 69 * fix some building problems (osf's sia and osfc2 login) 70 71 * bug fixes 72 73Changes in release 0.4b 74 75 * update the shared library version numbers correctly 76 77Changes in release 0.4a 78 79 * corrected key used for checksum in mk_safe, unfortunately this 80 makes it backwards incompatible 81 82 * update to autoconf 2.50, libtool 1.4 83 84 * re-write dns/config lookups (krb5_krbhst API) 85 86 * make order of using subkeys consistent 87 88 * add man page links 89 90 * add more man pages 91 92 * remove rfc2052 support, now only rfc2782 is supported 93 94 * always build with kaserver protocol support in the KDC (assuming 95 KRB4 is enabled) and support for reading kaserver databases in 96 hprop 97 98Changes in release 0.3f 99 100 * change default keytab to ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab, 101 the new keytab type that tries both of these in order (SRVTAB is 102 also an alias for krb4:) 103 104 * improve error reporting and error handling (error messages should 105 be more detailed and more useful) 106 107 * improve building with openssl 108 109 * add kadmin -K, rcp -F 110 111 * fix two incorrect weak DES keys 112 113 * fix building of kaserver compat in KDC 114 115 * the API is closer to what MIT krb5 is using 116 117 * more compatible with windows 2000 118 119 * removed some memory leaks 120 121 * bug fixes 122 123Changes in release 0.3e 124 125 * rcp program included 126 127 * fix buffer overrun in ftpd 128 129 * handle omitted sequence numbers as zeroes to handle MIT krb5 that 130 cannot generate zero sequence numbers 131 132 * handle v4 /.k files better 133 134 * configure/portability fixes 135 136 * fixes in parsing of options to kadmin (sub-)commands 137 138 * handle errors in kadmin load better 139 140 * bug fixes 141 142Changes in release 0.3d 143 144 * add krb5-config 145 146 * fix a bug in 3des gss-api mechanism, making it compatible with the 147 specification and the MIT implementation 148 149 * make telnetd only allow a specific list of environment variables to 150 stop it from setting `sensitive' variables 151 152 * try to use an existing libdes 153 154 * lib/krb5, kdc: use correct usage type for ap-req messages. This 155 should improve compatability with MIT krb5 when using 3DES 156 encryption types 157 158 * kdc: fix memory allocation problem 159 160 * update config.guess and config.sub 161 162 * lib/roken: more stuff implemented 163 164 * bug fixes and portability enhancements 165 166Changes in release 0.3c 167 168 * lib/krb5: memory caches now support the resolve operation 169 170 * appl/login: set PATH to some sane default 171 172 * kadmind: handle several realms 173 174 * bug fixes (including memory leaks) 175 176Changes in release 0.3b 177 178 * kdc: prefer default-salted keys on v5 requests 179 180 * kdc: lowercase hostnames in v4 mode 181 182 * hprop: handle more types of MIT salts 183 184 * lib/krb5: fix memory leak 185 186 * bug fixes 187 188Changes in release 0.3a: 189 190 * implement arcfour-hmac-md5 to interoperate with W2K 191 192 * modularise the handling of the master key, and allow for other 193 encryption types. This makes it easier to import a database from 194 some other source without having to re-encrypt all keys. 195 196 * allow for better control over which encryption types are created 197 198 * make kinit fallback to v4 if given a v4 KDC 199 200 * make klist work better with v4 and v5, and add some more MIT 201 compatibility options 202 203 * make the kdc listen on the krb524 (4444) port for compatibility 204 with MIT krb5 clients 205 206 * implement more DCE/DFS support, enabled with --enable-dce, see 207 lib/kdfs and appl/dceutils 208 209 * make the sequence numbers work correctly 210 211 * bug fixes 212 213Changes in release 0.2t: 214 215 * bug fixes 216 217Changes in release 0.2s: 218 219 * add OpenLDAP support in hdb 220 221 * login will get v4 tickets when it receives forwarded tickets 222 223 * xnlock supports both v5 and v4 224 225 * repair source routing for telnet 226 227 * fix building problems with krb4 (krb_mk_req) 228 229 * bug fixes 230 231Changes in release 0.2r: 232 233 * fix realloc memory corruption bug in kdc 234 235 * `add --key' and `cpw --key' in kadmin 236 237 * klist supports listing v4 tickets 238 239 * update config.guess and config.sub 240 241 * make v4 -> v5 principal name conversion more robust 242 243 * support for anonymous tickets 244 245 * new man-pages 246 247 * telnetd: do not negotiate KERBEROS5 authentication if there's no keytab. 248 249 * use and set expiration and not password expiration when dumping 250 to/from ka server databases / krb4 databases 251 252 * make the code happier with 64-bit time_t 253 254 * follow RFC2782 and by default do not look for non-underscore SRV names 255 256Changes in release 0.2q: 257 258 * bug fix in tcp-handling in kdc 259 260 * bug fix in expand_hostname 261 262Changes in release 0.2p: 263 264 * bug fix in `kadmin load/merge' 265 266 * bug fix in krb5_parse_address 267 268Changes in release 0.2o: 269 270 * gss_{import,export}_sec_context added to libgssapi 271 272 * new option --addresses to kdc (for listening on an explicit set of 273 addresses) 274 275 * bug fixes in the krb4 and kaserver emulation part of the kdc 276 277 * other bug fixes 278 279Changes in release 0.2n: 280 281 * more robust parsing of dump files in kadmin 282 * changed default timestamp format for log messages to extended ISO 283 8601 format (Y-M-DTH:M:S) 284 * changed md4/md5/sha1 APIes to be de-facto `standard' 285 * always make hostname into lower-case before creating principal 286 * small bits of more MIT-compatability 287 * bug fixes 288 289Changes in release 0.2m: 290 291 * handle glibc's getaddrinfo() that returns several ai_canonname 292 293 * new endian test 294 295 * man pages fixes 296 297Changes in release 0.2l: 298 299 * bug fixes 300 301Changes in release 0.2k: 302 303 * better IPv6 test 304 305 * make struct sockaddr_storage in roken work better on alphas 306 307 * some missing [hn]to[hn]s fixed. 308 309 * allow users to change their own passwords with kadmin (with initial 310 tickets) 311 312 * fix stupid bug in parsing KDC specification 313 314 * add `ktutil change' and `ktutil purge' 315 316Changes in release 0.2j: 317 318 * builds on Irix 319 320 * ftpd works in passive mode 321 322 * should build on cygwin 323 324 * work around broken IPv6-code on OpenBSD 2.6, also add configure 325 option --disable-ipv6 326 327Changes in release 0.2i: 328 329 * use getaddrinfo in the missing places. 330 331 * fix SRV lookup for admin server 332 333 * use get{addr,name}info everywhere. and implement it in terms of 334 getipnodeby{name,addr} (which uses gethostbyname{,2} and 335 gethostbyaddr) 336 337Changes in release 0.2h: 338 339 * fix typo in kx (now compiles) 340 341Changes in release 0.2g: 342 343 * lots of bug fixes: 344 * push works 345 * repair appl/test programs 346 * sockaddr_storage works on solaris (alignment issues) 347 * works better with non-roken getaddrinfo 348 * rsh works 349 * some non standard C constructs removed 350 351Changes in release 0.2f: 352 353 * support SRV records for kpasswd 354 * look for both _kerberos and krb5-realm when doing host -> realm mapping 355 356Changes in release 0.2e: 357 358 * changed copyright notices to remove `advertising'-clause. 359 * get{addr,name}info added to roken and used in the other code 360 (this makes things work much better with hosts with both v4 and v6 361 addresses, among other things) 362 * do pre-auth for both password and key-based get_in_tkt 363 * support for having several databases 364 * new command `del_enctype' in kadmin 365 * strptime (and new strftime) add to roken 366 * more paranoia about finding libdb 367 * bug fixes 368 369Changes in release 0.2d: 370 371 * new configuration option [libdefaults]default_etypes_des 372 * internal ls in ftpd builds without KRB4 373 * kx/rsh/push/pop_debug tries v5 and v4 consistenly 374 * build bug fixes 375 * other bug fixes 376 377Changes in release 0.2c: 378 379 * bug fixes (see ChangeLog's for details) 380 381Changes in release 0.2b: 382 383 * bug fixes 384 * actually bump shared library versions 385 386Changes in release 0.2a: 387 388 * a new program verify_krb5_conf for checking your /etc/krb5.conf 389 * add 3DES keys when changing password 390 * support null keys in database 391 * support multiple local realms 392 * implement a keytab backend for AFS KeyFile's 393 * implement a keytab backend for v4 srvtabs 394 * implement `ktutil copy' 395 * support password quality control in v4 kadmind 396 * improvements in v4 compat kadmind 397 * handle the case of having the correct cred in the ccache but with 398 the wrong encryption type better 399 * v6-ify the remaining programs. 400 * internal ls in ftpd 401 * rename strcpy_truncate/strcat_truncate to strlcpy/strlcat 402 * add `ank --random-password' and `cpw --random-password' in kadmin 403 * some programs and documentation for trying to talk to a W2K KDC 404 * bug fixes 405 406Changes in release 0.1m: 407 408 * support for getting default from krb5.conf for kinit/kf/rsh/telnet. 409 From Miroslav Ruda <ruda@ics.muni.cz> 410 * v6-ify hprop and hpropd 411 * support numeric addresses in krb5_mk_req 412 * shadow support in login and su. From Miroslav Ruda <ruda@ics.muni.cz> 413 * make rsh/rshd IPv6-aware 414 * make the gssapi sample applications better at reporting errors 415 * lots of bug fixes 416 * handle systems with v6-aware libc and non-v6 kernels (like Linux 417 with glibc 2.1) better 418 * hide failure of ERPT in ftp 419 * lots of bug fixes 420 421Changes in release 0.1l: 422 423 * make ftp and ftpd IPv6-aware 424 * add inet_pton to roken 425 * more IPv6-awareness 426 * make mini_inetd v6 aware 427 428Changes in release 0.1k: 429 430 * bump shared libraries versions 431 * add roken version of inet_ntop 432 * merge more changes to rshd 433 434Changes in release 0.1j: 435 436 * restore back to the `old' 3DES code. This was supposed to be done 437 in 0.1h and 0.1i but I did a CVS screw-up. 438 * make telnetd handle v6 connections 439 440Changes in release 0.1i: 441 442 * start using `struct sockaddr_storage' which simplifies the code 443 (with a fallback definition if it's not defined) 444 * bug fixes (including in hprop and kf) 445 * don't use mawk which seems to mishandle roken.awk 446 * get_addrs should be able to handle v6 addresses on Linux (with the 447 required patch to the Linux kernel -- ask within) 448 * rshd builds with shadow passwords 449 450Changes in release 0.1h: 451 452 * kf: new program for forwarding credentials 453 * portability fixes 454 * make forwarding credentials work with MIT code 455 * better conversion of ka database 456 * add etc/services.append 457 * correct `modified by' from kpasswdd 458 * lots of bug fixes 459 460Changes in release 0.1g: 461 462 * kgetcred: new program for explicitly obtaining tickets 463 * configure fixes 464 * krb5-aware kx 465 * bug fixes 466 467Changes in release 0.1f; 468 469 * experimental support for v4 kadmin protokoll in kadmind 470 * bug fixes 471 472Changes in release 0.1e: 473 474 * try to handle old DCE and MIT kdcs 475 * support for older versions of credential cache files and keytabs 476 * postdated tickets work 477 * support for password quality checks in kpasswdd 478 * new flag --enable-kaserver for kdc 479 * renew fixes 480 * prototype su program 481 * updated (some) manpages 482 * support for KDC resource records 483 * should build with --without-krb4 484 * bug fixes 485 486Changes in release 0.1d: 487 488 * Support building with DB2 (uses 1.85-compat API) 489 * Support krb5-realm.DOMAIN in DNS 490 * new `ktutil srvcreate' 491 * v4/kafs support in klist/kdestroy 492 * bug fixes 493 494Changes in release 0.1c: 495 496 * fix ASN.1 encoding of signed integers 497 * somewhat working `ktutil get' 498 * some documentation updates 499 * update to Autoconf 2.13 and Automake 1.4 500 * the usual bug fixes 501 502Changes in release 0.1b: 503 504 * some old -> new crypto conversion utils 505 * bug fixes 506 507Changes in release 0.1a: 508 509 * new crypto code 510 * more bug fixes 511 * make sure we ask for DES keys in gssapi 512 * support signed ints in ASN1 513 * IPv6-bug fixes 514 515Changes in release 0.0u: 516 517 * lots of bug fixes 518 519Changes in release 0.0t: 520 521 * more robust parsing of krb5.conf 522 * include net{read,write} in lib/roken 523 * bug fixes 524 525Changes in release 0.0s: 526 527 * kludges for parsing options to rsh 528 * more robust parsing of krb5.conf 529 * removed some arbitrary limits 530 * bug fixes 531 532Changes in release 0.0r: 533 534 * default options for some programs 535 * bug fixes 536 537Changes in release 0.0q: 538 539 * support for building shared libraries with libtool 540 * bug fixes 541 542Changes in release 0.0p: 543 544 * keytab moved to /etc/krb5.keytab 545 * avoid false detection of IPv6 on Linux 546 * Lots of more functionality in the gssapi-library 547 * hprop can now read ka-server databases 548 * bug fixes 549 550Changes in release 0.0o: 551 552 * FTP with GSSAPI support. 553 * Bug fixes. 554 555Changes in release 0.0n: 556 557 * Incremental database propagation. 558 * Somewhat improved kadmin ui; the stuff in admin is now removed. 559 * Some support for using enctypes instead of keytypes. 560 * Lots of other improvement and bug fixes, see ChangeLog for details. 561