NEWS revision 127808
1127808SnectarChanges in release 0.6.1 2127808Snectar 3127808Snectar * Fixed ARCFOUR suppport 4127808Snectar 5127808Snectar * Cross realm vulnerability 6127808Snectar 7127808Snectar * kdc: fix denial of service attack 8127808Snectar 9127808Snectar * kdc: stop clients from renewing tickets into the future 10127808Snectar 11127808Snectar * bug fixes 12127808Snectar 13120945SnectarChanges in release 0.6 14120945Snectar 15120945Snectar* The DES3 GSS-API mechanism has been changed to inter-operate with 16120945Snectar other GSSAPI implementations. See man page for gssapi(3) how to turn 17120945Snectar on generation of correct MIC messages. Next major release of heimdal 18120945Snectar will generate correct MIC by default. 19120945Snectar 20120945Snectar* More complete GSS-API support 21120945Snectar 22120945Snectar* Better AFS support: kdc (524) supports 2b; 524 in kdc and AFS 23120945Snectar support in applications no longer requires Kerberos 4 libs 24120945Snectar 25120945Snectar* Kerberos 4 support in kdc defaults to turned off (includes ka and 524) 26120945Snectar 27120945Snectar* other bug fixes 28120945Snectar 29120945SnectarChanges in release 0.5.2 30120945Snectar 31120945Snectar * kdc: add option for disabling v4 cross-realm (defaults to off) 32120945Snectar 33120945Snectar * bug fixes 34120945Snectar 35107207SnectarChanges in release 0.5.1 36107207Snectar 37107207Snectar * kadmind: fix remote exploit 38107207Snectar 39107207Snectar * kadmind: add option to disable kerberos 4 40107207Snectar 41107207Snectar * kdc: make sure kaserver token life is positive 42107207Snectar 43107207Snectar * telnet: use the session key if there is no subkey 44107207Snectar 45107207Snectar * fix EPSV parsing in ftp 46107207Snectar 47107207Snectar * other bug fixes 48107207Snectar 49102644SnectarChanges in release 0.5 50102644Snectar 51102644Snectar * add --detach option to kdc 52102644Snectar 53102644Snectar * allow setting forward and forwardable option in telnet from 54102644Snectar .telnetrc, with override from command line 55102644Snectar 56102644Snectar * accept addresses with or without ports in krb5_rd_cred 57102644Snectar 58102644Snectar * make it work with modern openssl 59102644Snectar 60102644Snectar * use our own string2key function even with openssl (that handles weak 61102644Snectar keys incorrectly) 62102644Snectar 63102644Snectar * more system-specific requirements in login 64102644Snectar 65102644Snectar * do not use getlogin() to determine root in su 66102644Snectar 67102644Snectar * telnet: abort if telnetd does not support encryption 68102644Snectar 69102644Snectar * update autoconf to 2.53 70102644Snectar 71102644Snectar * update config.guess, config.sub 72102644Snectar 73102644Snectar * other bug fixes 74102644Snectar 7590926SnectarChanges in release 0.4e 7690926Snectar 7790926Snectar * improve libcrypto and database autoconf tests 7890926Snectar 7990926Snectar * do not care about salting of server principals when serving v4 requests 8090926Snectar 8190926Snectar * some improvements to gssapi library 8290926Snectar 8390926Snectar * test for existing compile_et/libcom_err 8490926Snectar 8590926Snectar * portability fixes 8690926Snectar 8790926Snectar * bug fixes 8890926Snectar 8990926SnectarChanges in release 0.4d 9090926Snectar 9190926Snectar * fix some problems when using libcrypto from openssl 9290926Snectar 9390926Snectar * handle /dev/ptmx `unix98' ptys on Linux 9490926Snectar 9590926Snectar * add some forgotten man pages 9690926Snectar 9790926Snectar * rsh: clean-up and add man page 9890926Snectar 9990926Snectar * fix -A and -a in builtin-ls in tpd 10090926Snectar 10190926Snectar * fix building problem on Irix 10290926Snectar 10390926Snectar * make `ktutil get' more efficient 10490926Snectar 10590926Snectar * bug fixes 10690926Snectar 10790926SnectarChanges in release 0.4c 10890926Snectar 10990926Snectar * fix buffer overrun in telnetd 11090926Snectar 11190926Snectar * repair some of the v4 fallback code in kinit 11290926Snectar 11390926Snectar * add more shared library dependencies 11490926Snectar 11590926Snectar * simplify and fix hprop handling of v4 databases 11690926Snectar 11790926Snectar * fix some building problems (osf's sia and osfc2 login) 11890926Snectar 11990926Snectar * bug fixes 12090926Snectar 12190926SnectarChanges in release 0.4b 12290926Snectar 12390926Snectar * update the shared library version numbers correctly 12490926Snectar 12590926SnectarChanges in release 0.4a 12690926Snectar 12790926Snectar * corrected key used for checksum in mk_safe, unfortunately this 12890926Snectar makes it backwards incompatible 12990926Snectar 13090926Snectar * update to autoconf 2.50, libtool 1.4 13190926Snectar 13290926Snectar * re-write dns/config lookups (krb5_krbhst API) 13390926Snectar 13490926Snectar * make order of using subkeys consistent 13590926Snectar 13690926Snectar * add man page links 13790926Snectar 13890926Snectar * add more man pages 13990926Snectar 14090926Snectar * remove rfc2052 support, now only rfc2782 is supported 14190926Snectar 14290926Snectar * always build with kaserver protocol support in the KDC (assuming 14390926Snectar KRB4 is enabled) and support for reading kaserver databases in 14490926Snectar hprop 14590926Snectar 14678527SassarChanges in release 0.3f 14778527Sassar 14878527Sassar * change default keytab to ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab, 14978527Sassar the new keytab type that tries both of these in order (SRVTAB is 15078527Sassar also an alias for krb4:) 15178527Sassar 15278527Sassar * improve error reporting and error handling (error messages should 15378527Sassar be more detailed and more useful) 15478527Sassar 15578527Sassar * improve building with openssl 15678527Sassar 15778527Sassar * add kadmin -K, rcp -F 15878527Sassar 15978527Sassar * fix two incorrect weak DES keys 16078527Sassar 16178527Sassar * fix building of kaserver compat in KDC 16278527Sassar 16378527Sassar * the API is closer to what MIT krb5 is using 16478527Sassar 16578527Sassar * more compatible with windows 2000 16678527Sassar 16778527Sassar * removed some memory leaks 16878527Sassar 16978527Sassar * bug fixes 17078527Sassar 17172445SassarChanges in release 0.3e 17272445Sassar 17372445Sassar * rcp program included 17472445Sassar 17572445Sassar * fix buffer overrun in ftpd 17672445Sassar 17772445Sassar * handle omitted sequence numbers as zeroes to handle MIT krb5 that 17872445Sassar cannot generate zero sequence numbers 17972445Sassar 18072445Sassar * handle v4 /.k files better 18172445Sassar 18272445Sassar * configure/portability fixes 18372445Sassar 18472445Sassar * fixes in parsing of options to kadmin (sub-)commands 18572445Sassar 18672445Sassar * handle errors in kadmin load better 18772445Sassar 18872445Sassar * bug fixes 18972445Sassar 19072445SassarChanges in release 0.3d 19172445Sassar 19272445Sassar * add krb5-config 19372445Sassar 19472445Sassar * fix a bug in 3des gss-api mechanism, making it compatible with the 19572445Sassar specification and the MIT implementation 19672445Sassar 19772445Sassar * make telnetd only allow a specific list of environment variables to 19872445Sassar stop it from setting `sensitive' variables 19972445Sassar 20072445Sassar * try to use an existing libdes 20172445Sassar 20272445Sassar * lib/krb5, kdc: use correct usage type for ap-req messages. This 20372445Sassar should improve compatability with MIT krb5 when using 3DES 20472445Sassar encryption types 20572445Sassar 20672445Sassar * kdc: fix memory allocation problem 20772445Sassar 20872445Sassar * update config.guess and config.sub 20972445Sassar 21072445Sassar * lib/roken: more stuff implemented 21172445Sassar 21272445Sassar * bug fixes and portability enhancements 21372445Sassar 21472445SassarChanges in release 0.3c 21572445Sassar 21672445Sassar * lib/krb5: memory caches now support the resolve operation 21772445Sassar 21872445Sassar * appl/login: set PATH to some sane default 21972445Sassar 22072445Sassar * kadmind: handle several realms 22172445Sassar 22272445Sassar * bug fixes (including memory leaks) 22372445Sassar 22472445SassarChanges in release 0.3b 22572445Sassar 22672445Sassar * kdc: prefer default-salted keys on v5 requests 22772445Sassar 22872445Sassar * kdc: lowercase hostnames in v4 mode 22972445Sassar 23072445Sassar * hprop: handle more types of MIT salts 23172445Sassar 23272445Sassar * lib/krb5: fix memory leak 23372445Sassar 23472445Sassar * bug fixes 23572445Sassar 23672445SassarChanges in release 0.3a: 23772445Sassar 23872445Sassar * implement arcfour-hmac-md5 to interoperate with W2K 23972445Sassar 24072445Sassar * modularise the handling of the master key, and allow for other 24172445Sassar encryption types. This makes it easier to import a database from 24272445Sassar some other source without having to re-encrypt all keys. 24372445Sassar 24472445Sassar * allow for better control over which encryption types are created 24572445Sassar 24672445Sassar * make kinit fallback to v4 if given a v4 KDC 24772445Sassar 24872445Sassar * make klist work better with v4 and v5, and add some more MIT 24972445Sassar compatibility options 25072445Sassar 25172445Sassar * make the kdc listen on the krb524 (4444) port for compatibility 25272445Sassar with MIT krb5 clients 25372445Sassar 25472445Sassar * implement more DCE/DFS support, enabled with --enable-dce, see 25572445Sassar lib/kdfs and appl/dceutils 25672445Sassar 25772445Sassar * make the sequence numbers work correctly 25872445Sassar 25972445Sassar * bug fixes 26072445Sassar 26172445SassarChanges in release 0.2t: 26272445Sassar 26372445Sassar * bug fixes 26472445Sassar 26572445SassarChanges in release 0.2s: 26672445Sassar 26772445Sassar * add OpenLDAP support in hdb 26872445Sassar 26972445Sassar * login will get v4 tickets when it receives forwarded tickets 27072445Sassar 27172445Sassar * xnlock supports both v5 and v4 27272445Sassar 27372445Sassar * repair source routing for telnet 27472445Sassar 27572445Sassar * fix building problems with krb4 (krb_mk_req) 27672445Sassar 27772445Sassar * bug fixes 27872445Sassar 27972445SassarChanges in release 0.2r: 28072445Sassar 28172445Sassar * fix realloc memory corruption bug in kdc 28272445Sassar 28372445Sassar * `add --key' and `cpw --key' in kadmin 28472445Sassar 28572445Sassar * klist supports listing v4 tickets 28672445Sassar 28772445Sassar * update config.guess and config.sub 28872445Sassar 28972445Sassar * make v4 -> v5 principal name conversion more robust 29072445Sassar 29172445Sassar * support for anonymous tickets 29272445Sassar 29372445Sassar * new man-pages 29472445Sassar 29572445Sassar * telnetd: do not negotiate KERBEROS5 authentication if there's no keytab. 29672445Sassar 29772445Sassar * use and set expiration and not password expiration when dumping 29872445Sassar to/from ka server databases / krb4 databases 29972445Sassar 30072445Sassar * make the code happier with 64-bit time_t 30172445Sassar 30272445Sassar * follow RFC2782 and by default do not look for non-underscore SRV names 30372445Sassar 30472445SassarChanges in release 0.2q: 30572445Sassar 30672445Sassar * bug fix in tcp-handling in kdc 30772445Sassar 30872445Sassar * bug fix in expand_hostname 30972445Sassar 31057422SmarkmChanges in release 0.2p: 31157422Smarkm 31257422Smarkm * bug fix in `kadmin load/merge' 31357422Smarkm 31457422Smarkm * bug fix in krb5_parse_address 31557422Smarkm 31657419SmarkmChanges in release 0.2o: 31757419Smarkm 31857419Smarkm * gss_{import,export}_sec_context added to libgssapi 31957419Smarkm 32057419Smarkm * new option --addresses to kdc (for listening on an explicit set of 32157419Smarkm addresses) 32257419Smarkm 32357419Smarkm * bug fixes in the krb4 and kaserver emulation part of the kdc 32457419Smarkm 32557419Smarkm * other bug fixes 32657419Smarkm 32757416SmarkmChanges in release 0.2n: 32857416Smarkm 32957416Smarkm * more robust parsing of dump files in kadmin 33057416Smarkm * changed default timestamp format for log messages to extended ISO 33157416Smarkm 8601 format (Y-M-DTH:M:S) 33257416Smarkm * changed md4/md5/sha1 APIes to be de-facto `standard' 33357416Smarkm * always make hostname into lower-case before creating principal 33457416Smarkm * small bits of more MIT-compatability 33557416Smarkm * bug fixes 33657416Smarkm 33755682SmarkmChanges in release 0.2m: 33855682Smarkm 33955682Smarkm * handle glibc's getaddrinfo() that returns several ai_canonname 34055682Smarkm 34155682Smarkm * new endian test 34255682Smarkm 34355682Smarkm * man pages fixes 34455682Smarkm 34555682SmarkmChanges in release 0.2l: 34655682Smarkm 34755682Smarkm * bug fixes 34855682Smarkm 34955682SmarkmChanges in release 0.2k: 35055682Smarkm 35155682Smarkm * better IPv6 test 35255682Smarkm 35355682Smarkm * make struct sockaddr_storage in roken work better on alphas 35455682Smarkm 35555682Smarkm * some missing [hn]to[hn]s fixed. 35655682Smarkm 35755682Smarkm * allow users to change their own passwords with kadmin (with initial 35855682Smarkm tickets) 35955682Smarkm 36055682Smarkm * fix stupid bug in parsing KDC specification 36155682Smarkm 36255682Smarkm * add `ktutil change' and `ktutil purge' 36355682Smarkm 36455682SmarkmChanges in release 0.2j: 36555682Smarkm 36655682Smarkm * builds on Irix 36755682Smarkm 36855682Smarkm * ftpd works in passive mode 36955682Smarkm 37055682Smarkm * should build on cygwin 37155682Smarkm 37255682Smarkm * work around broken IPv6-code on OpenBSD 2.6, also add configure 37355682Smarkm option --disable-ipv6 37455682Smarkm 37555682SmarkmChanges in release 0.2i: 37655682Smarkm 37755682Smarkm * use getaddrinfo in the missing places. 37855682Smarkm 37955682Smarkm * fix SRV lookup for admin server 38055682Smarkm 38155682Smarkm * use get{addr,name}info everywhere. and implement it in terms of 38255682Smarkm getipnodeby{name,addr} (which uses gethostbyname{,2} and 38355682Smarkm gethostbyaddr) 38455682Smarkm 38555682SmarkmChanges in release 0.2h: 38655682Smarkm 38755682Smarkm * fix typo in kx (now compiles) 38855682Smarkm 38955682SmarkmChanges in release 0.2g: 39055682Smarkm 39155682Smarkm * lots of bug fixes: 39255682Smarkm * push works 39355682Smarkm * repair appl/test programs 39455682Smarkm * sockaddr_storage works on solaris (alignment issues) 39555682Smarkm * works better with non-roken getaddrinfo 39655682Smarkm * rsh works 39755682Smarkm * some non standard C constructs removed 39855682Smarkm 39955682SmarkmChanges in release 0.2f: 40055682Smarkm 40155682Smarkm * support SRV records for kpasswd 40255682Smarkm * look for both _kerberos and krb5-realm when doing host -> realm mapping 40355682Smarkm 40455682SmarkmChanges in release 0.2e: 40555682Smarkm 40655682Smarkm * changed copyright notices to remove `advertising'-clause. 40755682Smarkm * get{addr,name}info added to roken and used in the other code 40855682Smarkm (this makes things work much better with hosts with both v4 and v6 40955682Smarkm addresses, among other things) 41055682Smarkm * do pre-auth for both password and key-based get_in_tkt 41155682Smarkm * support for having several databases 41255682Smarkm * new command `del_enctype' in kadmin 41355682Smarkm * strptime (and new strftime) add to roken 41455682Smarkm * more paranoia about finding libdb 41555682Smarkm * bug fixes 41655682Smarkm 41755682SmarkmChanges in release 0.2d: 41855682Smarkm 41955682Smarkm * new configuration option [libdefaults]default_etypes_des 42055682Smarkm * internal ls in ftpd builds without KRB4 42155682Smarkm * kx/rsh/push/pop_debug tries v5 and v4 consistenly 42255682Smarkm * build bug fixes 42355682Smarkm * other bug fixes 42455682Smarkm 42555682SmarkmChanges in release 0.2c: 42655682Smarkm 42755682Smarkm * bug fixes (see ChangeLog's for details) 42855682Smarkm 42955682SmarkmChanges in release 0.2b: 43055682Smarkm 43155682Smarkm * bug fixes 43255682Smarkm * actually bump shared library versions 43355682Smarkm 43455682SmarkmChanges in release 0.2a: 43555682Smarkm 43655682Smarkm * a new program verify_krb5_conf for checking your /etc/krb5.conf 43755682Smarkm * add 3DES keys when changing password 43855682Smarkm * support null keys in database 43955682Smarkm * support multiple local realms 44055682Smarkm * implement a keytab backend for AFS KeyFile's 44155682Smarkm * implement a keytab backend for v4 srvtabs 44255682Smarkm * implement `ktutil copy' 44355682Smarkm * support password quality control in v4 kadmind 44455682Smarkm * improvements in v4 compat kadmind 44555682Smarkm * handle the case of having the correct cred in the ccache but with 44655682Smarkm the wrong encryption type better 44755682Smarkm * v6-ify the remaining programs. 44855682Smarkm * internal ls in ftpd 44955682Smarkm * rename strcpy_truncate/strcat_truncate to strlcpy/strlcat 45055682Smarkm * add `ank --random-password' and `cpw --random-password' in kadmin 45155682Smarkm * some programs and documentation for trying to talk to a W2K KDC 45255682Smarkm * bug fixes 45355682Smarkm 45455682SmarkmChanges in release 0.1m: 45555682Smarkm 45655682Smarkm * support for getting default from krb5.conf for kinit/kf/rsh/telnet. 45755682Smarkm From Miroslav Ruda <ruda@ics.muni.cz> 45855682Smarkm * v6-ify hprop and hpropd 45955682Smarkm * support numeric addresses in krb5_mk_req 46055682Smarkm * shadow support in login and su. From Miroslav Ruda <ruda@ics.muni.cz> 46155682Smarkm * make rsh/rshd IPv6-aware 46255682Smarkm * make the gssapi sample applications better at reporting errors 46355682Smarkm * lots of bug fixes 46455682Smarkm * handle systems with v6-aware libc and non-v6 kernels (like Linux 46555682Smarkm with glibc 2.1) better 46655682Smarkm * hide failure of ERPT in ftp 46755682Smarkm * lots of bug fixes 46855682Smarkm 46955682SmarkmChanges in release 0.1l: 47055682Smarkm 47155682Smarkm * make ftp and ftpd IPv6-aware 47255682Smarkm * add inet_pton to roken 47355682Smarkm * more IPv6-awareness 47455682Smarkm * make mini_inetd v6 aware 47555682Smarkm 47655682SmarkmChanges in release 0.1k: 47755682Smarkm 47855682Smarkm * bump shared libraries versions 47955682Smarkm * add roken version of inet_ntop 48055682Smarkm * merge more changes to rshd 48155682Smarkm 48255682SmarkmChanges in release 0.1j: 48355682Smarkm 48455682Smarkm * restore back to the `old' 3DES code. This was supposed to be done 48555682Smarkm in 0.1h and 0.1i but I did a CVS screw-up. 48655682Smarkm * make telnetd handle v6 connections 48755682Smarkm 48855682SmarkmChanges in release 0.1i: 48955682Smarkm 49055682Smarkm * start using `struct sockaddr_storage' which simplifies the code 49155682Smarkm (with a fallback definition if it's not defined) 49255682Smarkm * bug fixes (including in hprop and kf) 49355682Smarkm * don't use mawk which seems to mishandle roken.awk 49455682Smarkm * get_addrs should be able to handle v6 addresses on Linux (with the 49555682Smarkm required patch to the Linux kernel -- ask within) 49655682Smarkm * rshd builds with shadow passwords 49755682Smarkm 49855682SmarkmChanges in release 0.1h: 49955682Smarkm 50055682Smarkm * kf: new program for forwarding credentials 50155682Smarkm * portability fixes 50255682Smarkm * make forwarding credentials work with MIT code 50355682Smarkm * better conversion of ka database 50455682Smarkm * add etc/services.append 50555682Smarkm * correct `modified by' from kpasswdd 50655682Smarkm * lots of bug fixes 50755682Smarkm 50855682SmarkmChanges in release 0.1g: 50955682Smarkm 51055682Smarkm * kgetcred: new program for explicitly obtaining tickets 51155682Smarkm * configure fixes 51255682Smarkm * krb5-aware kx 51355682Smarkm * bug fixes 51455682Smarkm 51555682SmarkmChanges in release 0.1f; 51655682Smarkm 51755682Smarkm * experimental support for v4 kadmin protokoll in kadmind 51855682Smarkm * bug fixes 51955682Smarkm 52055682SmarkmChanges in release 0.1e: 52155682Smarkm 52255682Smarkm * try to handle old DCE and MIT kdcs 52355682Smarkm * support for older versions of credential cache files and keytabs 52455682Smarkm * postdated tickets work 52555682Smarkm * support for password quality checks in kpasswdd 52655682Smarkm * new flag --enable-kaserver for kdc 52755682Smarkm * renew fixes 52855682Smarkm * prototype su program 52955682Smarkm * updated (some) manpages 53055682Smarkm * support for KDC resource records 53155682Smarkm * should build with --without-krb4 53255682Smarkm * bug fixes 53355682Smarkm 53455682SmarkmChanges in release 0.1d: 53555682Smarkm 53655682Smarkm * Support building with DB2 (uses 1.85-compat API) 53755682Smarkm * Support krb5-realm.DOMAIN in DNS 53855682Smarkm * new `ktutil srvcreate' 53955682Smarkm * v4/kafs support in klist/kdestroy 54055682Smarkm * bug fixes 54155682Smarkm 54255682SmarkmChanges in release 0.1c: 54355682Smarkm 54455682Smarkm * fix ASN.1 encoding of signed integers 54555682Smarkm * somewhat working `ktutil get' 54655682Smarkm * some documentation updates 54755682Smarkm * update to Autoconf 2.13 and Automake 1.4 54855682Smarkm * the usual bug fixes 54955682Smarkm 55055682SmarkmChanges in release 0.1b: 55155682Smarkm 55255682Smarkm * some old -> new crypto conversion utils 55355682Smarkm * bug fixes 55455682Smarkm 55555682SmarkmChanges in release 0.1a: 55655682Smarkm 55755682Smarkm * new crypto code 55855682Smarkm * more bug fixes 55955682Smarkm * make sure we ask for DES keys in gssapi 56055682Smarkm * support signed ints in ASN1 56155682Smarkm * IPv6-bug fixes 56255682Smarkm 56355682SmarkmChanges in release 0.0u: 56455682Smarkm 56555682Smarkm * lots of bug fixes 56655682Smarkm 56755682SmarkmChanges in release 0.0t: 56855682Smarkm 56955682Smarkm * more robust parsing of krb5.conf 57055682Smarkm * include net{read,write} in lib/roken 57155682Smarkm * bug fixes 57255682Smarkm 57355682SmarkmChanges in release 0.0s: 57455682Smarkm 57555682Smarkm * kludges for parsing options to rsh 57655682Smarkm * more robust parsing of krb5.conf 57755682Smarkm * removed some arbitrary limits 57855682Smarkm * bug fixes 57955682Smarkm 58055682SmarkmChanges in release 0.0r: 58155682Smarkm 58255682Smarkm * default options for some programs 58355682Smarkm * bug fixes 58455682Smarkm 58555682SmarkmChanges in release 0.0q: 58655682Smarkm 58755682Smarkm * support for building shared libraries with libtool 58855682Smarkm * bug fixes 58955682Smarkm 59055682SmarkmChanges in release 0.0p: 59155682Smarkm 59255682Smarkm * keytab moved to /etc/krb5.keytab 59355682Smarkm * avoid false detection of IPv6 on Linux 59455682Smarkm * Lots of more functionality in the gssapi-library 59555682Smarkm * hprop can now read ka-server databases 59655682Smarkm * bug fixes 59755682Smarkm 59855682SmarkmChanges in release 0.0o: 59955682Smarkm 60055682Smarkm * FTP with GSSAPI support. 60155682Smarkm * Bug fixes. 60255682Smarkm 60355682SmarkmChanges in release 0.0n: 60455682Smarkm 60555682Smarkm * Incremental database propagation. 60655682Smarkm * Somewhat improved kadmin ui; the stuff in admin is now removed. 60755682Smarkm * Some support for using enctypes instead of keytypes. 60855682Smarkm * Lots of other improvement and bug fixes, see ChangeLog for details. 609