NEWS revision 102644
Changes in release 0.5

 * add --detach option to kdc

 * allow setting forward and forwardable option in telnet from
   .telnetrc, with override from command line

 * accept addresses with or without ports in krb5_rd_cred

 * make it work with modern openssl

 * use our own string2key function even with openssl (that handles weak
   keys incorrectly)

 * more system-specific requirements in login

 * do not use getlogin() to determine root in su

 * telnet: abort if telnetd does not support encryption

 * update autoconf to 2.53

 * update config.guess, config.sub

 * other bug fixes

Changes in release 0.4e

 * improve libcrypto and database autoconf tests

 * do not care about salting of server principals when serving v4 requests

 * some improvements to gssapi library

 * test for existing compile_et/libcom_err

 * portability fixes

 * bug fixes

Changes in release 0.4d

 * fix some problems when using libcrypto from openssl

 * handle /dev/ptmx `unix98' ptys on Linux

 * add some forgotten man pages

 * rsh: clean-up and add man page

 * fix -A and -a in builtin-ls in ftpd

 * fix building problem on Irix

 * make `ktutil get' more efficient

 * bug fixes

Changes in release 0.4c

 * fix buffer overrun in telnetd

 * repair some of the v4 fallback code in kinit

 * add more shared library dependencies

 * simplify and fix hprop handling of v4 databases

 * fix some building problems (osf's sia and osfc2 login)

 * bug fixes

Changes in release 0.4b

 * update the shared library version numbers correctly

Changes in release 0.4a

 * corrected key used for checksum in mk_safe, unfortunately this
   makes it backwards incompatible

 * update to autoconf 2.50, libtool 1.4

 * re-write dns/config lookups (krb5_krbhst API)

 * make order of using subkeys consistent

 * add man page links

 * add more man pages

 * remove rfc2052 support, now only rfc2782 is supported

 * always build with kaserver protocol support in the KDC (assuming
   KRB4 is enabled) and support for reading kaserver databases in
   hprop

Changes in release 0.3f

 * change default keytab to ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab,
   the new keytab type that tries both of these in order (SRVTAB is
   also an alias for krb4:)

 * improve error reporting and error handling (error messages should
   be more detailed and more useful)

 * improve building with openssl

 * add kadmin -K, rcp -F

 * fix two incorrect weak DES keys

 * fix building of kaserver compat in KDC

 * the API is closer to what MIT krb5 is using

 * more compatible with Windows 2000

 * removed some memory leaks

 * bug fixes

Changes in release 0.3e

 * rcp program included

 * fix buffer overrun in ftpd

 * handle omitted sequence numbers as zeroes to handle MIT krb5 that
   cannot generate zero sequence numbers

 * handle v4 /.k files better

 * configure/portability fixes

 * fixes in parsing of options to kadmin (sub-)commands

 * handle errors in kadmin load better

 * bug fixes

Changes in release 0.3d

 * add krb5-config

 * fix a bug in 3des gss-api mechanism, making it compatible with the
   specification and the MIT implementation

 * make telnetd only allow a specific list of environment variables to
   stop it from setting `sensitive' variables

 * try to use an existing libdes

 * lib/krb5, kdc: use correct usage type for ap-req messages.  This
   should improve compatibility with MIT krb5 when using 3DES
   encryption types

 * kdc: fix memory allocation problem

 * update config.guess and config.sub

 * lib/roken: more stuff implemented

 * bug fixes and portability enhancements

Changes in release 0.3c

 * lib/krb5: memory caches now support the resolve operation

 * appl/login: set PATH to some sane default

 * kadmind: handle several realms

 * bug fixes (including memory leaks)

Changes in release 0.3b

 * kdc: prefer default-salted keys on v5 requests

 * kdc: lowercase hostnames in v4 mode

 * hprop: handle more types of MIT salts

 * lib/krb5: fix memory leak

 * bug fixes

Changes in release 0.3a:

 * implement arcfour-hmac-md5 to interoperate with W2K

 * modularise the handling of the master key, and allow for other
   encryption types. This makes it easier to import a database from
   some other source without having to re-encrypt all keys.

 * allow for better control over which encryption types are created

 * make kinit fallback to v4 if given a v4 KDC

 * make klist work better with v4 and v5, and add some more MIT
   compatibility options

 * make the kdc listen on the krb524 (4444) port for compatibility
   with MIT krb5 clients

 * implement more DCE/DFS support, enabled with --enable-dce, see
   lib/kdfs and appl/dceutils

 * make the sequence numbers work correctly

 * bug fixes

Changes in release 0.2t:

 * bug fixes

Changes in release 0.2s:

 * add OpenLDAP support in hdb

 * login will get v4 tickets when it receives forwarded tickets

 * xnlock supports both v5 and v4

 * repair source routing for telnet

 * fix building problems with krb4 (krb_mk_req)

 * bug fixes

Changes in release 0.2r:

 * fix realloc memory corruption bug in kdc

 * `add --key' and `cpw --key' in kadmin

 * klist supports listing v4 tickets

 * update config.guess and config.sub

 * make v4 -> v5 principal name conversion more robust

 * support for anonymous tickets

 * new man-pages

 * telnetd: do not negotiate KERBEROS5 authentication if there's no keytab.

 * use and set expiration and not password expiration when dumping
   to/from ka server databases / krb4 databases

 * make the code happier with 64-bit time_t

 * follow RFC2782 and by default do not look for non-underscore SRV names

Changes in release 0.2q:

 * bug fix in tcp-handling in kdc

 * bug fix in expand_hostname

Changes in release 0.2p:

 * bug fix in `kadmin load/merge'

 * bug fix in krb5_parse_address

Changes in release 0.2o:

 * gss_{import,export}_sec_context added to libgssapi

 * new option --addresses to kdc (for listening on an explicit set of
   addresses)

 * bug fixes in the krb4 and kaserver emulation part of the kdc

 * other bug fixes

Changes in release 0.2n:

 * more robust parsing of dump files in kadmin
 * changed default timestamp format for log messages to extended ISO
   8601 format (Y-M-DTH:M:S)
 * changed md4/md5/sha1 APIs to be de-facto `standard'
 * always make hostname into lower-case before creating principal
 * small bits of more MIT-compatibility
 * bug fixes

Changes in release 0.2m:

 * handle glibc's getaddrinfo() that returns several ai_canonname

 * new endian test

 * man pages fixes

Changes in release 0.2l:

 * bug fixes

Changes in release 0.2k:

 * better IPv6 test

 * make struct sockaddr_storage in roken work better on alphas

 * some missing [hn]to[hn]s fixed.

 * allow users to change their own passwords with kadmin (with initial
   tickets)

 * fix stupid bug in parsing KDC specification

 * add `ktutil change' and `ktutil purge'

Changes in release 0.2j:

 * builds on Irix

 * ftpd works in passive mode

 * should build on cygwin

 * work around broken IPv6-code on OpenBSD 2.6, also add configure
   option --disable-ipv6

Changes in release 0.2i:

 * use getaddrinfo in the missing places.

 * fix SRV lookup for admin server

 * use get{addr,name}info everywhere, and implement it in terms of
   getipnodeby{name,addr} (which uses gethostbyname{,2} and
   gethostbyaddr)

Changes in release 0.2h:

 * fix typo in kx (now compiles)

Changes in release 0.2g:

 * lots of bug fixes:
   * push works
   * repair appl/test programs
   * sockaddr_storage works on solaris (alignment issues)
   * works better with non-roken getaddrinfo
   * rsh works
 * some non standard C constructs removed

Changes in release 0.2f:

 * support SRV records for kpasswd
 * look for both _kerberos and krb5-realm when doing host -> realm mapping

Changes in release 0.2e:

 * changed copyright notices to remove `advertising'-clause.
 * get{addr,name}info added to roken and used in the other code
   (this makes things work much better with hosts with both v4 and v6
   addresses, among other things)
 * do pre-auth for both password and key-based get_in_tkt
 * support for having several databases
 * new command `del_enctype' in kadmin
 * strptime (and new strftime) added to roken
 * more paranoia about finding libdb
 * bug fixes

Changes in release 0.2d:

 * new configuration option [libdefaults]default_etypes_des
 * internal ls in ftpd builds without KRB4
 * kx/rsh/push/pop_debug tries v5 and v4 consistently
 * build bug fixes
 * other bug fixes

Changes in release 0.2c:

 * bug fixes (see ChangeLog's for details)

Changes in release 0.2b:

 * bug fixes
 * actually bump shared library versions

Changes in release 0.2a:

 * a new program verify_krb5_conf for checking your /etc/krb5.conf
 * add 3DES keys when changing password
 * support null keys in database
 * support multiple local realms
 * implement a keytab backend for AFS KeyFile's
 * implement a keytab backend for v4 srvtabs
 * implement `ktutil copy'
 * support password quality control in v4 kadmind
 * improvements in v4 compat kadmind
 * handle the case of having the correct cred in the ccache but with
   the wrong encryption type better
 * v6-ify the remaining programs.
 * internal ls in ftpd
 * rename strcpy_truncate/strcat_truncate to strlcpy/strlcat
 * add `ank --random-password' and `cpw --random-password' in kadmin
 * some programs and documentation for trying to talk to a W2K KDC
 * bug fixes

Changes in release 0.1m:

 * support for getting default from krb5.conf for kinit/kf/rsh/telnet.
   From Miroslav Ruda <ruda@ics.muni.cz>
 * v6-ify hprop and hpropd
 * support numeric addresses in krb5_mk_req
 * shadow support in login and su. From Miroslav Ruda <ruda@ics.muni.cz>
 * make rsh/rshd IPv6-aware
 * make the gssapi sample applications better at reporting errors
 * lots of bug fixes
 * handle systems with v6-aware libc and non-v6 kernels (like Linux
   with glibc 2.1) better
 * hide failure of EPRT in ftp
 * lots of bug fixes

Changes in release 0.1l:

 * make ftp and ftpd IPv6-aware
 * add inet_pton to roken
 * more IPv6-awareness
 * make mini_inetd v6 aware

Changes in release 0.1k:

 * bump shared libraries versions
 * add roken version of inet_ntop
 * merge more changes to rshd

Changes in release 0.1j:

 * restore back to the `old' 3DES code.  This was supposed to be done
   in 0.1h and 0.1i but I did a CVS screw-up.
 * make telnetd handle v6 connections

Changes in release 0.1i:

 * start using `struct sockaddr_storage' which simplifies the code
   (with a fallback definition if it's not defined)
 * bug fixes (including in hprop and kf)
 * don't use mawk which seems to mishandle roken.awk
 * get_addrs should be able to handle v6 addresses on Linux (with the
   required patch to the Linux kernel -- ask within)
 * rshd builds with shadow passwords

Changes in release 0.1h:

 * kf: new program for forwarding credentials
 * portability fixes
 * make forwarding credentials work with MIT code
 * better conversion of ka database
 * add etc/services.append
 * correct `modified by' from kpasswdd
 * lots of bug fixes

Changes in release 0.1g:

 * kgetcred: new program for explicitly obtaining tickets
 * configure fixes
 * krb5-aware kx
 * bug fixes

Changes in release 0.1f:

 * experimental support for v4 kadmin protocol in kadmind
 * bug fixes

Changes in release 0.1e:

 * try to handle old DCE and MIT kdcs
 * support for older versions of credential cache files and keytabs
 * postdated tickets work
 * support for password quality checks in kpasswdd
 * new flag --enable-kaserver for kdc
 * renew fixes
 * prototype su program
 * updated (some) manpages
 * support for KDC resource records
 * should build with --without-krb4
 * bug fixes

Changes in release 0.1d:

 * Support building with DB2 (uses 1.85-compat API)
 * Support krb5-realm.DOMAIN in DNS
 * new `ktutil srvcreate'
 * v4/kafs support in klist/kdestroy
 * bug fixes

Changes in release 0.1c:

 * fix ASN.1 encoding of signed integers
 * somewhat working `ktutil get'
 * some documentation updates
 * update to Autoconf 2.13 and Automake 1.4
 * the usual bug fixes

Changes in release 0.1b:

 * some old -> new crypto conversion utils
 * bug fixes

Changes in release 0.1a:

 * new crypto code
 * more bug fixes
 * make sure we ask for DES keys in gssapi
 * support signed ints in ASN1
 * IPv6-bug fixes

Changes in release 0.0u:

 * lots of bug fixes

Changes in release 0.0t:

 * more robust parsing of krb5.conf
 * include net{read,write} in lib/roken
 * bug fixes

Changes in release 0.0s:

 * kludges for parsing options to rsh
 * more robust parsing of krb5.conf
 * removed some arbitrary limits
 * bug fixes

Changes in release 0.0r:

 * default options for some programs
 * bug fixes

Changes in release 0.0q:

 * support for building shared libraries with libtool
 * bug fixes

Changes in release 0.0p:

 * keytab moved to /etc/krb5.keytab
 * avoid false detection of IPv6 on Linux
 * Lots more functionality in the gssapi-library
 * hprop can now read ka-server databases
 * bug fixes

Changes in release 0.0o:

 * FTP with GSSAPI support.
 * Bug fixes.

Changes in release 0.0n:

 * Incremental database propagation.
 * Somewhat improved kadmin ui; the stuff in admin is now removed.
 * Some support for using enctypes instead of keytypes.
 * Lots of other improvements and bug fixes, see ChangeLog for details.