PSARC 2010/135 Kerberos Diagnostic Enhancements (umbrella case)
6835328 Error messages generated by applications using RPCSEC_GSS are too vague

6909129 krb5 keytab management API should be simplified to easily merge keys from different realms

6916796 OSnet mapfiles should use version 2 link-editor syntax

PSARC 2010/083 Kerberos Profile API
6927135 A simple API should be provided to create a Kerberos system's configuration information

6794523 rcache could skip fsync(2)s in common cases with a dynamic skew concept

6885980 Need case-insensitive keytab lookups for MS interop
6885387 gsskrb5_extract_authz_data_from_sec_context() fails with service ticket sent by Windows 7 client
6858400 kclient cant join Windows AD domain if hostname is 20 characters or longer
6867203 Solaris acceptors fail in Windows 2000 environment
6868908 Solaris acceptors should have returned KRB5KRB_AP_ERR_MODIFIED for Microsoft interoperability
6867208 Windows client cannot recover from KRB5KRB_AP_ERR_SKEW error

PSARC 2009/418 Kerberos V5 PAC API
6283931 SPNEGO needs to follow latest RFC
6808598 krb5 APIs needed to create and parse PAC data
6817447 libgss and various mechs are hiding both the real minor_status and the error token

6777148 idmap fails to auto-discover AD due to ldap_sasl_bind failure

6798660 Cadmium .NOT file processing problem with CWD relative file paths
Contributed by Richard Lowe
6785284 Mapfile versioning rules need to be more visible to gatelings
6800164 Standard file exclusion mechanism needed for Cadmium tools

PSARC/2008/631 Kerberos PKINIT
PSARC/2008/358 removal of kadm5.keytab
6698059 Resync with mit 1.6.3 (pkinit)
6749302 pam_krb5 auth fails with key table entry not found

6692336 ktkt_warnd(1M) client code should be a library

6245750 kadmin "Bad encryption type" error should state the enctype
6658621 Configuration checks for kerberos daemons should be done by the daemons themselves
6658624 Missing error strings for new kerberos DB error types
6658627 kpropd should use its executable name and not the full path when logging error messages
6658631 error messages in kerberos deamons need cleanup
6664832 various memleaks in krb libs

6573019 mit 1.4 sub-glue layer resync

PSARC/2006/277 Support for Kerberos Records in LDAP Directory
6399903 Support for Kerberos Records in LDAP Directory
6520554 MIT bug #5427 with krb5_kt_get_name()
6597851 dmake lint in usr/src/lib/gss_mechs/mech_krb5 broken

PSARC/2006/690 Kerberos client configuration improvements
6496710 enable dns_lookup_kdc by default
6499339 krb zero conf needs better realm lookup logic
6523887 krb should support client side referrals
6528391 krb5.conf should not be delivered in a misconfigured state

6543658 krb5_set_default_tgs_enctypes: referenced symbol not found

6394510 error table is out of whack
6497698 krb5kdc(1) should also provide password expiration information
6497703 pam_krb5(5) should interpret the key expiration field to display expiration warning information
6514446 pam_dhkeys prompts for secure RPC password when neither LOCAL or DES credentials exist
6515558 Pre-s10 client's keytab file are generated incorrectly when auth princ == target princ
6523684 Memory rcache function doesn't acquire the right locks

PSARC 2006/424 Kerberos 1.4 KDC Resync
6406993 kdc and client resync with MIT 1.4

6357230 specfiles should be nuked

PSARC 2010/135 Kerberos Diagnostic Enhancements (umbrella case)
6835328 Error messages generated by applications using RPCSEC_GSS are too vague

6909129 krb5 keytab management API should be simplified to easily merge keys from different realms

6916796 OSnet mapfiles should use version 2 link-editor syntax

PSARC 2010/083 Kerberos Profile API
6927135 A simple API should be provided to create a Kerberos system's configuration information

6794523 rcache could skip fsync(2)s in common cases with a dynamic skew concept

6885980 Need case-insensitive keytab lookups for MS interop
6885387 gsskrb5_extract_authz_data_from_sec_context() fails with service ticket sent by Windows 7 client
6858400 kclient cant join Windows AD domain if hostname is 20 characters or longer
6867203 Solaris acceptors fail in Windows 2000 environment
6868908 Solaris acceptors should have returned KRB5KRB_AP_ERR_MODIFIED for Microsoft interoperability
6867208 Windows client cannot recover from KRB5KRB_AP_ERR_SKEW error

PSARC 2009/418 Kerberos V5 PAC API
6283931 SPNEGO needs to follow latest RFC
6808598 krb5 APIs needed to create and parse PAC data
6817447 libgss and various mechs are hiding both the real minor_status and the error token

6777148 idmap fails to auto-discover AD due to ldap_sasl_bind failure

6798660 Cadmium .NOT file processing problem with CWD relative file paths
Contributed by Richard Lowe
6785284 Mapfile versioning rules need to be more visible to gatelings
6800164 Standard file exclusion mechanism needed for Cadmium tools

PSARC/2008/631 Kerberos PKINIT
PSARC/2008/358 removal of kadm5.keytab
6698059 Resync with mit 1.6.3 (pkinit)
6749302 pam_krb5 auth fails with key table entry not found

6692336 ktkt_warnd(1M) client code should be a library

6245750 kadmin "Bad encryption type" error should state the enctype
6658621 Configuration checks for kerberos daemons should be done by the daemons themselves
6658624 Missing error strings for new kerberos DB error types
6658627 kpropd should use its executable name and not the full path when logging error messages
6658631 error messages in kerberos deamons need cleanup
6664832 various memleaks in krb libs

6573019 mit 1.4 sub-glue layer resync

PSARC/2006/277 Support for Kerberos Records in LDAP Directory
6399903 Support for Kerberos Records in LDAP Directory
6520554 MIT bug #5427 with krb5_kt_get_name()
6597851 dmake lint in usr/src/lib/gss_mechs/mech_krb5 broken

PSARC/2006/690 Kerberos client configuration improvements
6496710 enable dns_lookup_kdc by default
6499339 krb zero conf needs better realm lookup logic
6523887 krb should support client side referrals
6528391 krb5.conf should not be delivered in a misconfigured state

6543658 krb5_set_default_tgs_enctypes: referenced symbol not found

6394510 error table is out of whack
6497698 krb5kdc(1) should also provide password expiration information
6497703 pam_krb5(5) should interpret the key expiration field to display expiration warning information
6514446 pam_dhkeys prompts for secure RPC password when neither LOCAL or DES credentials exist
6515558 Pre-s10 client's keytab file are generated incorrectly when auth princ == target princ
6523684 Memory rcache function doesn't acquire the right locks

PSARC 2006/424 Kerberos 1.4 KDC Resync
6406993 kdc and client resync with MIT 1.4

6357230 specfiles should be nuked