1Changes in release 0.4e 2 3 * improve libcrypto and database autoconf tests 4 5 * do not care about salting of server principals when serving v4 requests 6 7 * some improvements to gssapi library 8 9 * test for existing compile_et/libcom_err 10 11 * portability fixes 12 13 * bug fixes 14 15Changes in release 0.4d 16 17 * fix some problems when using libcrypto from openssl 18 19 * handle /dev/ptmx `unix98' ptys on Linux 20 21 * add some forgotten man pages 22 23 * rsh: clean-up and add man page 24 25 * fix -A and -a in builtin-ls in tpd 26 27 * fix building problem on Irix 28 29 * make `ktutil get' more efficient 30 31 * bug fixes 32 33Changes in release 0.4c 34 35 * fix buffer overrun in telnetd 36 37 * repair some of the v4 fallback code in kinit 38 39 * add more shared library dependencies 40 41 * simplify and fix hprop handling of v4 databases 42 43 * fix some building problems (osf's sia and osfc2 login) 44 45 * bug fixes 46 47Changes in release 0.4b 48 49 * update the shared library version numbers correctly 50 51Changes in release 0.4a 52 53 * corrected key used for checksum in mk_safe, unfortunately this 54 makes it backwards incompatible 55 56 * update to autoconf 2.50, libtool 1.4 57 58 * re-write dns/config lookups (krb5_krbhst API) 59 60 * make order of using subkeys consistent 61 62 * add man page links 63 64 * add more man pages 65 66 * remove rfc2052 support, now only rfc2782 is supported 67 68 * always build with kaserver protocol support in the KDC (assuming 69 KRB4 is enabled) and support for reading kaserver databases in 70 hprop 71 72Changes in release 0.3f 73 74 * change default keytab to ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab, 75 the new keytab type that tries both of these in order (SRVTAB is 76 also an alias for krb4:) 77 78 * improve error reporting and error handling (error messages should 79 be more detailed and more useful) 80 81 * improve building with openssl 82 83 * add kadmin -K, rcp -F 84 85 * fix two incorrect weak DES keys 86 87 * fix building of kaserver compat in KDC 88 89 * the API is closer to what MIT krb5 is using 90 91 * more compatible with windows 2000 92 93 * removed some memory leaks 94 95 * bug fixes 96 97Changes in release 0.3e 98 99 * rcp program included 100 101 * fix buffer overrun in ftpd 102 103 * handle omitted sequence numbers as zeroes to handle MIT krb5 that 104 cannot generate zero sequence numbers 105 106 * handle v4 /.k files better 107 108 * configure/portability fixes 109 110 * fixes in parsing of options to kadmin (sub-)commands 111 112 * handle errors in kadmin load better 113 114 * bug fixes 115 116Changes in release 0.3d 117 118 * add krb5-config 119 120 * fix a bug in 3des gss-api mechanism, making it compatible with the 121 specification and the MIT implementation 122 123 * make telnetd only allow a specific list of environment variables to 124 stop it from setting `sensitive' variables 125 126 * try to use an existing libdes 127 128 * lib/krb5, kdc: use correct usage type for ap-req messages. This 129 should improve compatability with MIT krb5 when using 3DES 130 encryption types 131 132 * kdc: fix memory allocation problem 133 134 * update config.guess and config.sub 135 136 * lib/roken: more stuff implemented 137 138 * bug fixes and portability enhancements 139 140Changes in release 0.3c 141 142 * lib/krb5: memory caches now support the resolve operation 143 144 * appl/login: set PATH to some sane default 145 146 * kadmind: handle several realms 147 148 * bug fixes (including memory leaks) 149 150Changes in release 0.3b 151 152 * kdc: prefer default-salted keys on v5 requests 153 154 * kdc: lowercase hostnames in v4 mode 155 156 * hprop: handle more types of MIT salts 157 158 * lib/krb5: fix memory leak 159 160 * bug fixes 161 162Changes in release 0.3a: 163 164 * implement arcfour-hmac-md5 to interoperate with W2K 165 166 * modularise the handling of the master key, and allow for other 167 encryption types. This makes it easier to import a database from 168 some other source without having to re-encrypt all keys. 169 170 * allow for better control over which encryption types are created 171 172 * make kinit fallback to v4 if given a v4 KDC 173 174 * make klist work better with v4 and v5, and add some more MIT 175 compatibility options 176 177 * make the kdc listen on the krb524 (4444) port for compatibility 178 with MIT krb5 clients 179 180 * implement more DCE/DFS support, enabled with --enable-dce, see 181 lib/kdfs and appl/dceutils 182 183 * make the sequence numbers work correctly 184 185 * bug fixes 186 187Changes in release 0.2t: 188 189 * bug fixes 190 191Changes in release 0.2s: 192 193 * add OpenLDAP support in hdb 194 195 * login will get v4 tickets when it receives forwarded tickets 196 197 * xnlock supports both v5 and v4 198 199 * repair source routing for telnet 200 201 * fix building problems with krb4 (krb_mk_req) 202 203 * bug fixes 204 205Changes in release 0.2r: 206 207 * fix realloc memory corruption bug in kdc 208 209 * `add --key' and `cpw --key' in kadmin 210 211 * klist supports listing v4 tickets 212 213 * update config.guess and config.sub 214 215 * make v4 -> v5 principal name conversion more robust 216 217 * support for anonymous tickets 218 219 * new man-pages 220 221 * telnetd: do not negotiate KERBEROS5 authentication if there's no keytab. 222 223 * use and set expiration and not password expiration when dumping 224 to/from ka server databases / krb4 databases 225 226 * make the code happier with 64-bit time_t 227 228 * follow RFC2782 and by default do not look for non-underscore SRV names 229 230Changes in release 0.2q: 231 232 * bug fix in tcp-handling in kdc 233 234 * bug fix in expand_hostname 235 236Changes in release 0.2p: 237 238 * bug fix in `kadmin load/merge' 239 240 * bug fix in krb5_parse_address 241 242Changes in release 0.2o: 243 244 * gss_{import,export}_sec_context added to libgssapi 245 246 * new option --addresses to kdc (for listening on an explicit set of 247 addresses) 248 249 * bug fixes in the krb4 and kaserver emulation part of the kdc 250 251 * other bug fixes 252 253Changes in release 0.2n: 254 255 * more robust parsing of dump files in kadmin 256 * changed default timestamp format for log messages to extended ISO 257 8601 format (Y-M-DTH:M:S) 258 * changed md4/md5/sha1 APIes to be de-facto `standard' 259 * always make hostname into lower-case before creating principal 260 * small bits of more MIT-compatability 261 * bug fixes 262 263Changes in release 0.2m: 264 265 * handle glibc's getaddrinfo() that returns several ai_canonname 266 267 * new endian test 268 269 * man pages fixes 270 271Changes in release 0.2l: 272 273 * bug fixes 274 275Changes in release 0.2k: 276 277 * better IPv6 test 278 279 * make struct sockaddr_storage in roken work better on alphas 280 281 * some missing [hn]to[hn]s fixed. 282 283 * allow users to change their own passwords with kadmin (with initial 284 tickets) 285 286 * fix stupid bug in parsing KDC specification 287 288 * add `ktutil change' and `ktutil purge' 289 290Changes in release 0.2j: 291 292 * builds on Irix 293 294 * ftpd works in passive mode 295 296 * should build on cygwin 297 298 * work around broken IPv6-code on OpenBSD 2.6, also add configure 299 option --disable-ipv6 300 301Changes in release 0.2i: 302 303 * use getaddrinfo in the missing places. 304 305 * fix SRV lookup for admin server 306 307 * use get{addr,name}info everywhere. and implement it in terms of 308 getipnodeby{name,addr} (which uses gethostbyname{,2} and 309 gethostbyaddr) 310 311Changes in release 0.2h: 312 313 * fix typo in kx (now compiles) 314 315Changes in release 0.2g: 316 317 * lots of bug fixes: 318 * push works 319 * repair appl/test programs 320 * sockaddr_storage works on solaris (alignment issues) 321 * works better with non-roken getaddrinfo 322 * rsh works 323 * some non standard C constructs removed 324 325Changes in release 0.2f: 326 327 * support SRV records for kpasswd 328 * look for both _kerberos and krb5-realm when doing host -> realm mapping 329 330Changes in release 0.2e: 331 332 * changed copyright notices to remove `advertising'-clause. 333 * get{addr,name}info added to roken and used in the other code 334 (this makes things work much better with hosts with both v4 and v6 335 addresses, among other things) 336 * do pre-auth for both password and key-based get_in_tkt 337 * support for having several databases 338 * new command `del_enctype' in kadmin 339 * strptime (and new strftime) add to roken 340 * more paranoia about finding libdb 341 * bug fixes 342 343Changes in release 0.2d: 344 345 * new configuration option [libdefaults]default_etypes_des 346 * internal ls in ftpd builds without KRB4 347 * kx/rsh/push/pop_debug tries v5 and v4 consistenly 348 * build bug fixes 349 * other bug fixes 350 351Changes in release 0.2c: 352 353 * bug fixes (see ChangeLog's for details) 354 355Changes in release 0.2b: 356 357 * bug fixes 358 * actually bump shared library versions 359 360Changes in release 0.2a: 361 362 * a new program verify_krb5_conf for checking your /etc/krb5.conf 363 * add 3DES keys when changing password 364 * support null keys in database 365 * support multiple local realms 366 * implement a keytab backend for AFS KeyFile's 367 * implement a keytab backend for v4 srvtabs 368 * implement `ktutil copy' 369 * support password quality control in v4 kadmind 370 * improvements in v4 compat kadmind 371 * handle the case of having the correct cred in the ccache but with 372 the wrong encryption type better 373 * v6-ify the remaining programs. 374 * internal ls in ftpd 375 * rename strcpy_truncate/strcat_truncate to strlcpy/strlcat 376 * add `ank --random-password' and `cpw --random-password' in kadmin 377 * some programs and documentation for trying to talk to a W2K KDC 378 * bug fixes 379 380Changes in release 0.1m: 381 382 * support for getting default from krb5.conf for kinit/kf/rsh/telnet. 383 From Miroslav Ruda <ruda@ics.muni.cz> 384 * v6-ify hprop and hpropd 385 * support numeric addresses in krb5_mk_req 386 * shadow support in login and su. From Miroslav Ruda <ruda@ics.muni.cz> 387 * make rsh/rshd IPv6-aware 388 * make the gssapi sample applications better at reporting errors 389 * lots of bug fixes 390 * handle systems with v6-aware libc and non-v6 kernels (like Linux 391 with glibc 2.1) better 392 * hide failure of ERPT in ftp 393 * lots of bug fixes 394 395Changes in release 0.1l: 396 397 * make ftp and ftpd IPv6-aware 398 * add inet_pton to roken 399 * more IPv6-awareness 400 * make mini_inetd v6 aware 401 402Changes in release 0.1k: 403 404 * bump shared libraries versions 405 * add roken version of inet_ntop 406 * merge more changes to rshd 407 408Changes in release 0.1j: 409 410 * restore back to the `old' 3DES code. This was supposed to be done 411 in 0.1h and 0.1i but I did a CVS screw-up. 412 * make telnetd handle v6 connections 413 414Changes in release 0.1i: 415 416 * start using `struct sockaddr_storage' which simplifies the code 417 (with a fallback definition if it's not defined) 418 * bug fixes (including in hprop and kf) 419 * don't use mawk which seems to mishandle roken.awk 420 * get_addrs should be able to handle v6 addresses on Linux (with the 421 required patch to the Linux kernel -- ask within) 422 * rshd builds with shadow passwords 423 424Changes in release 0.1h: 425 426 * kf: new program for forwarding credentials 427 * portability fixes 428 * make forwarding credentials work with MIT code 429 * better conversion of ka database 430 * add etc/services.append 431 * correct `modified by' from kpasswdd 432 * lots of bug fixes 433 434Changes in release 0.1g: 435 436 * kgetcred: new program for explicitly obtaining tickets 437 * configure fixes 438 * krb5-aware kx 439 * bug fixes 440 441Changes in release 0.1f; 442 443 * experimental support for v4 kadmin protokoll in kadmind 444 * bug fixes 445 446Changes in release 0.1e: 447 448 * try to handle old DCE and MIT kdcs 449 * support for older versions of credential cache files and keytabs 450 * postdated tickets work 451 * support for password quality checks in kpasswdd 452 * new flag --enable-kaserver for kdc 453 * renew fixes 454 * prototype su program 455 * updated (some) manpages 456 * support for KDC resource records 457 * should build with --without-krb4 458 * bug fixes 459 460Changes in release 0.1d: 461 462 * Support building with DB2 (uses 1.85-compat API) 463 * Support krb5-realm.DOMAIN in DNS 464 * new `ktutil srvcreate' 465 * v4/kafs support in klist/kdestroy 466 * bug fixes 467 468Changes in release 0.1c: 469 470 * fix ASN.1 encoding of signed integers 471 * somewhat working `ktutil get' 472 * some documentation updates 473 * update to Autoconf 2.13 and Automake 1.4 474 * the usual bug fixes 475 476Changes in release 0.1b: 477 478 * some old -> new crypto conversion utils 479 * bug fixes 480 481Changes in release 0.1a: 482 483 * new crypto code 484 * more bug fixes 485 * make sure we ask for DES keys in gssapi 486 * support signed ints in ASN1 487 * IPv6-bug fixes 488 489Changes in release 0.0u: 490 491 * lots of bug fixes 492 493Changes in release 0.0t: 494 495 * more robust parsing of krb5.conf 496 * include net{read,write} in lib/roken 497 * bug fixes 498 499Changes in release 0.0s: 500 501 * kludges for parsing options to rsh 502 * more robust parsing of krb5.conf 503 * removed some arbitrary limits 504 * bug fixes 505 506Changes in release 0.0r: 507 508 * default options for some programs 509 * bug fixes 510 511Changes in release 0.0q: 512 513 * support for building shared libraries with libtool 514 * bug fixes 515 516Changes in release 0.0p: 517 518 * keytab moved to /etc/krb5.keytab 519 * avoid false detection of IPv6 on Linux 520 * Lots of more functionality in the gssapi-library 521 * hprop can now read ka-server databases 522 * bug fixes 523 524Changes in release 0.0o: 525 526 * FTP with GSSAPI support. 527 * Bug fixes. 528 529Changes in release 0.0n: 530 531 * Incremental database propagation. 532 * Somewhat improved kadmin ui; the stuff in admin is now removed. 533 * Some support for using enctypes instead of keytypes. 534 * Lots of other improvement and bug fixes, see ChangeLog for details. 535