xref: /freebsd/crypto/heimdal/NEWS (revision ae83180158c4c937f170e31eff311b18c0286a93)
1Changes in release 0.4e
2
3 * improve libcrypto and database autoconf tests
4
5 * do not care about salting of server principals when serving v4 requests
6
7 * some improvements to gssapi library
8
9 * test for existing compile_et/libcom_err
10
11 * portability fixes
12
13 * bug fixes
14
15Changes in release 0.4d
16
17 * fix some problems when using libcrypto from openssl
18
19 * handle /dev/ptmx `unix98' ptys on Linux
20
21 * add some forgotten man pages
22
23 * rsh: clean-up and add man page
24
25 * fix -A and -a in builtin-ls in tpd
26
27 * fix building problem on Irix
28
29 * make `ktutil get' more efficient
30
31 * bug fixes
32
33Changes in release 0.4c
34
35 * fix buffer overrun in telnetd
36
37 * repair some of the v4 fallback code in kinit
38
39 * add more shared library dependencies
40
41 * simplify and fix hprop handling of v4 databases
42
43 * fix some building problems (osf's sia and osfc2 login)
44
45 * bug fixes
46
47Changes in release 0.4b
48
49 * update the shared library version numbers correctly
50
51Changes in release 0.4a
52
53 * corrected key used for checksum in mk_safe, unfortunately this
54   makes it backwards incompatible
55
56 * update to autoconf 2.50, libtool 1.4
57
58 * re-write dns/config lookups (krb5_krbhst API)
59
60 * make order of using subkeys consistent
61
62 * add man page links
63
64 * add more man pages
65
66 * remove rfc2052 support, now only rfc2782 is supported
67
68 * always build with kaserver protocol support in the KDC (assuming
69   KRB4 is enabled) and support for reading kaserver databases in
70   hprop
71
72Changes in release 0.3f
73
74 * change default keytab to ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab,
75   the new keytab type that tries both of these in order (SRVTAB is
76   also an alias for krb4:)
77
78 * improve error reporting and error handling (error messages should
79   be more detailed and more useful)
80
81 * improve building with openssl
82
83 * add kadmin -K, rcp -F
84
85 * fix two incorrect weak DES keys
86
87 * fix building of kaserver compat in KDC
88
89 * the API is closer to what MIT krb5 is using
90
91 * more compatible with windows 2000
92
93 * removed some memory leaks
94
95 * bug fixes
96
97Changes in release 0.3e
98
99 * rcp program included
100
101 * fix buffer overrun in ftpd
102
103 * handle omitted sequence numbers as zeroes to handle MIT krb5 that
104   cannot generate zero sequence numbers
105
106 * handle v4 /.k files better
107
108 * configure/portability fixes
109
110 * fixes in parsing of options to kadmin (sub-)commands
111
112 * handle errors in kadmin load better
113
114 * bug fixes
115
116Changes in release 0.3d
117
118 * add krb5-config
119
120 * fix a bug in 3des gss-api mechanism, making it compatible with the
121   specification and the MIT implementation
122
123 * make telnetd only allow a specific list of environment variables to
124   stop it from setting `sensitive' variables
125
126 * try to use an existing libdes
127
128 * lib/krb5, kdc: use correct usage type for ap-req messages.  This
129   should improve compatability with MIT krb5 when using 3DES
130   encryption types
131
132 * kdc: fix memory allocation problem
133
134 * update config.guess and config.sub
135
136 * lib/roken: more stuff implemented
137
138 * bug fixes and portability enhancements
139
140Changes in release 0.3c
141
142 * lib/krb5: memory caches now support the resolve operation
143
144 * appl/login: set PATH to some sane default
145
146 * kadmind: handle several realms
147
148 * bug fixes (including memory leaks)
149
150Changes in release 0.3b
151
152 * kdc: prefer default-salted keys on v5 requests
153
154 * kdc: lowercase hostnames in v4 mode
155
156 * hprop: handle more types of MIT salts
157
158 * lib/krb5: fix memory leak
159
160 * bug fixes
161
162Changes in release 0.3a:
163
164 * implement arcfour-hmac-md5 to interoperate with W2K
165
166 * modularise the handling of the master key, and allow for other
167   encryption types. This makes it easier to import a database from
168   some other source without having to re-encrypt all keys.
169
170 * allow for better control over which encryption types are created
171
172 * make kinit fallback to v4 if given a v4 KDC
173
174 * make klist work better with v4 and v5, and add some more MIT
175   compatibility options
176
177 * make the kdc listen on the krb524 (4444) port for compatibility
178   with MIT krb5 clients
179
180 * implement more DCE/DFS support, enabled with --enable-dce, see
181   lib/kdfs and appl/dceutils
182
183 * make the sequence numbers work correctly
184
185 * bug fixes
186
187Changes in release 0.2t:
188
189 * bug fixes
190
191Changes in release 0.2s:
192
193 * add OpenLDAP support in hdb
194
195 * login will get v4 tickets when it receives forwarded tickets
196
197 * xnlock supports both v5 and v4
198
199 * repair source routing for telnet
200
201 * fix building problems with krb4 (krb_mk_req)
202
203 * bug fixes
204
205Changes in release 0.2r:
206
207 * fix realloc memory corruption bug in kdc
208
209 * `add --key' and `cpw --key' in kadmin
210
211 * klist supports listing v4 tickets
212
213 * update config.guess and config.sub
214
215 * make v4 -> v5 principal name conversion more robust
216
217 * support for anonymous tickets
218
219 * new man-pages
220
221 * telnetd: do not negotiate KERBEROS5 authentication if there's no keytab.
222
223 * use and set expiration and not password expiration when dumping
224   to/from ka server databases / krb4 databases
225
226 * make the code happier with 64-bit time_t
227
228 * follow RFC2782 and by default do not look for non-underscore SRV names
229
230Changes in release 0.2q:
231
232 * bug fix in tcp-handling in kdc
233
234 * bug fix in expand_hostname
235
236Changes in release 0.2p:
237
238 * bug fix in `kadmin load/merge'
239
240 * bug fix in krb5_parse_address
241
242Changes in release 0.2o:
243
244 * gss_{import,export}_sec_context added to libgssapi
245
246 * new option --addresses to kdc (for listening on an explicit set of
247   addresses)
248
249 * bug fixes in the krb4 and kaserver emulation part of the kdc
250
251 * other bug fixes
252
253Changes in release 0.2n:
254
255 * more robust parsing of dump files in kadmin
256 * changed default timestamp format for log messages to extended ISO
257   8601 format (Y-M-DTH:M:S)
258 * changed md4/md5/sha1 APIes to be de-facto `standard'
259 * always make hostname into lower-case before creating principal
260 * small bits of more MIT-compatability
261 * bug fixes
262
263Changes in release 0.2m:
264
265 * handle glibc's getaddrinfo() that returns several ai_canonname
266
267 * new endian test
268
269 * man pages fixes
270
271Changes in release 0.2l:
272
273 * bug fixes
274
275Changes in release 0.2k:
276
277 * better IPv6 test
278
279 * make struct sockaddr_storage in roken work better on alphas
280
281 * some missing [hn]to[hn]s fixed.
282
283 * allow users to change their own passwords with kadmin (with initial
284   tickets)
285
286 * fix stupid bug in parsing KDC specification
287
288 * add `ktutil change' and `ktutil purge'
289
290Changes in release 0.2j:
291
292 * builds on Irix
293
294 * ftpd works in passive mode
295
296 * should build on cygwin
297
298 * work around broken IPv6-code on OpenBSD 2.6, also add configure
299   option --disable-ipv6
300
301Changes in release 0.2i:
302
303 * use getaddrinfo in the missing places.
304
305 * fix SRV lookup for admin server
306
307 * use get{addr,name}info everywhere.  and implement it in terms of
308   getipnodeby{name,addr} (which uses gethostbyname{,2} and
309   gethostbyaddr)
310
311Changes in release 0.2h:
312
313 * fix typo in kx (now compiles)
314
315Changes in release 0.2g:
316
317 * lots of bug fixes:
318   * push works
319   * repair appl/test programs
320   * sockaddr_storage works on solaris (alignment issues)
321   * works better with non-roken getaddrinfo
322   * rsh works
323   * some non standard C constructs removed
324
325Changes in release 0.2f:
326
327 * support SRV records for kpasswd
328 * look for both _kerberos and krb5-realm when doing host -> realm mapping
329
330Changes in release 0.2e:
331
332 * changed copyright notices to remove `advertising'-clause.
333 * get{addr,name}info added to roken and used in the other code
334   (this makes things work much better with hosts with both v4 and v6
335    addresses, among other things)
336 * do pre-auth for both password and key-based get_in_tkt
337 * support for having several databases
338 * new command `del_enctype' in kadmin
339 * strptime (and new strftime) add to roken
340 * more paranoia about finding libdb
341 * bug fixes
342
343Changes in release 0.2d:
344
345 * new configuration option [libdefaults]default_etypes_des
346 * internal ls in ftpd builds without KRB4
347 * kx/rsh/push/pop_debug tries v5 and v4 consistenly
348 * build bug fixes
349 * other bug fixes
350
351Changes in release 0.2c:
352
353 * bug fixes (see ChangeLog's for details)
354
355Changes in release 0.2b:
356
357 * bug fixes
358 * actually bump shared library versions
359
360Changes in release 0.2a:
361
362 * a new program verify_krb5_conf for checking your /etc/krb5.conf
363 * add 3DES keys when changing password
364 * support null keys in database
365 * support multiple local realms
366 * implement a keytab backend for AFS KeyFile's
367 * implement a keytab backend for v4 srvtabs
368 * implement `ktutil copy'
369 * support password quality control in v4 kadmind
370 * improvements in v4 compat kadmind
371 * handle the case of having the correct cred in the ccache but with
372   the wrong encryption type better
373 * v6-ify the remaining programs.
374 * internal ls in ftpd
375 * rename strcpy_truncate/strcat_truncate to strlcpy/strlcat
376 * add `ank --random-password' and `cpw --random-password' in kadmin
377 * some programs and documentation for trying to talk to a W2K KDC
378 * bug fixes
379
380Changes in release 0.1m:
381
382 * support for getting default from krb5.conf for kinit/kf/rsh/telnet.
383   From Miroslav Ruda <ruda@ics.muni.cz>
384 * v6-ify hprop and hpropd
385 * support numeric addresses in krb5_mk_req
386 * shadow support in login and su. From Miroslav Ruda <ruda@ics.muni.cz>
387 * make rsh/rshd IPv6-aware
388 * make the gssapi sample applications better at reporting errors
389 * lots of bug fixes
390 * handle systems with v6-aware libc and non-v6 kernels (like Linux
391   with glibc 2.1) better
392 * hide failure of ERPT in ftp
393 * lots of bug fixes
394
395Changes in release 0.1l:
396
397 * make ftp and ftpd IPv6-aware
398 * add inet_pton to roken
399 * more IPv6-awareness
400 * make mini_inetd v6 aware
401
402Changes in release 0.1k:
403
404 * bump shared libraries versions
405 * add roken version of inet_ntop
406 * merge more changes to rshd
407
408Changes in release 0.1j:
409
410 * restore back to the `old' 3DES code.  This was supposed to be done
411   in 0.1h and 0.1i but I did a CVS screw-up.
412 * make telnetd handle v6 connections
413
414Changes in release 0.1i:
415
416 * start using `struct sockaddr_storage' which simplifies the code
417   (with a fallback definition if it's not defined)
418 * bug fixes (including in hprop and kf)
419 * don't use mawk which seems to mishandle roken.awk
420 * get_addrs should be able to handle v6 addresses on Linux (with the
421   required patch to the Linux kernel -- ask within)
422 * rshd builds with shadow passwords
423
424Changes in release 0.1h:
425
426 * kf: new program for forwarding credentials
427 * portability fixes
428 * make forwarding credentials work with MIT code
429 * better conversion of ka database
430 * add etc/services.append
431 * correct `modified by' from kpasswdd
432 * lots of bug fixes
433
434Changes in release 0.1g:
435
436 * kgetcred: new program for explicitly obtaining tickets
437 * configure fixes
438 * krb5-aware kx
439 * bug fixes
440
441Changes in release 0.1f;
442
443 * experimental support for v4 kadmin protokoll in kadmind
444 * bug fixes
445
446Changes in release 0.1e:
447
448 * try to handle old DCE and MIT kdcs
449 * support for older versions of credential cache files and keytabs
450 * postdated tickets work
451 * support for password quality checks in kpasswdd
452 * new flag --enable-kaserver for kdc
453 * renew fixes
454 * prototype su program
455 * updated (some) manpages
456 * support for KDC resource records
457 * should build with --without-krb4
458 * bug fixes
459
460Changes in release 0.1d:
461
462 * Support building with DB2 (uses 1.85-compat API)
463 * Support krb5-realm.DOMAIN in DNS
464 * new `ktutil srvcreate'
465 * v4/kafs support in klist/kdestroy
466 * bug fixes
467
468Changes in release 0.1c:
469
470 * fix ASN.1 encoding of signed integers
471 * somewhat working `ktutil get'
472 * some documentation updates
473 * update to Autoconf 2.13 and Automake 1.4
474 * the usual bug fixes
475
476Changes in release 0.1b:
477
478 * some old -> new crypto conversion utils
479 * bug fixes
480
481Changes in release 0.1a:
482
483 * new crypto code
484 * more bug fixes
485 * make sure we ask for DES keys in gssapi
486 * support signed ints in ASN1
487 * IPv6-bug fixes
488
489Changes in release 0.0u:
490
491 * lots of bug fixes
492
493Changes in release 0.0t:
494
495 * more robust parsing of krb5.conf
496 * include net{read,write} in lib/roken
497 * bug fixes
498
499Changes in release 0.0s:
500
501 * kludges for parsing options to rsh
502 * more robust parsing of krb5.conf
503 * removed some arbitrary limits
504 * bug fixes
505
506Changes in release 0.0r:
507
508 * default options for some programs
509 * bug fixes
510
511Changes in release 0.0q:
512
513 * support for building shared libraries with libtool
514 * bug fixes
515
516Changes in release 0.0p:
517
518 * keytab moved to /etc/krb5.keytab
519 * avoid false detection of IPv6 on Linux
520 * Lots of more functionality in the gssapi-library
521 * hprop can now read ka-server databases
522 * bug fixes
523
524Changes in release 0.0o:
525
526 * FTP with GSSAPI support.
527 * Bug fixes.
528
529Changes in release 0.0n:
530
531 * Incremental database propagation.
532 * Somewhat improved kadmin ui; the stuff in admin is now removed.
533 * Some support for using enctypes instead of keytypes.
534 * Lots of other improvement and bug fixes, see ChangeLog for details.
535