NEWS revision 72445
172445SassarChanges in release 0.3e 272445Sassar 372445Sassar * rcp program included 472445Sassar 572445Sassar * fix buffer overrun in ftpd 672445Sassar 772445Sassar * handle omitted sequence numbers as zeroes to handle MIT krb5 that 872445Sassar cannot generate zero sequence numbers 972445Sassar 1072445Sassar * handle v4 /.k files better 1172445Sassar 1272445Sassar * configure/portability fixes 1372445Sassar 1472445Sassar * fixes in parsing of options to kadmin (sub-)commands 1572445Sassar 1672445Sassar * handle errors in kadmin load better 1772445Sassar 1872445Sassar * bug fixes 1972445Sassar 2072445SassarChanges in release 0.3d 2172445Sassar 2272445Sassar * add krb5-config 2372445Sassar 2472445Sassar * fix a bug in 3des gss-api mechanism, making it compatible with the 2572445Sassar specification and the MIT implementation 2672445Sassar 2772445Sassar * make telnetd only allow a specific list of environment variables to 2872445Sassar stop it from setting `sensitive' variables 2972445Sassar 3072445Sassar * try to use an existing libdes 3172445Sassar 3272445Sassar * lib/krb5, kdc: use correct usage type for ap-req messages. This 3372445Sassar should improve compatability with MIT krb5 when using 3DES 3472445Sassar encryption types 3572445Sassar 3672445Sassar * kdc: fix memory allocation problem 3772445Sassar 3872445Sassar * update config.guess and config.sub 3972445Sassar 4072445Sassar * lib/roken: more stuff implemented 4172445Sassar 4272445Sassar * bug fixes and portability enhancements 4372445Sassar 4472445SassarChanges in release 0.3c 4572445Sassar 4672445Sassar * lib/krb5: memory caches now support the resolve operation 4772445Sassar 4872445Sassar * appl/login: set PATH to some sane default 4972445Sassar 5072445Sassar * kadmind: handle several realms 5172445Sassar 5272445Sassar * bug fixes (including memory leaks) 5372445Sassar 5472445SassarChanges in release 0.3b 5572445Sassar 5672445Sassar * kdc: prefer default-salted keys on v5 requests 5772445Sassar 5872445Sassar * kdc: lowercase hostnames in v4 mode 5972445Sassar 6072445Sassar * hprop: handle more types of MIT salts 6172445Sassar 6272445Sassar * lib/krb5: fix memory leak 6372445Sassar 6472445Sassar * bug fixes 6572445Sassar 6672445SassarChanges in release 0.3a: 6772445Sassar 6872445Sassar * implement arcfour-hmac-md5 to interoperate with W2K 6972445Sassar 7072445Sassar * modularise the handling of the master key, and allow for other 7172445Sassar encryption types. This makes it easier to import a database from 7272445Sassar some other source without having to re-encrypt all keys. 7372445Sassar 7472445Sassar * allow for better control over which encryption types are created 7572445Sassar 7672445Sassar * make kinit fallback to v4 if given a v4 KDC 7772445Sassar 7872445Sassar * make klist work better with v4 and v5, and add some more MIT 7972445Sassar compatibility options 8072445Sassar 8172445Sassar * make the kdc listen on the krb524 (4444) port for compatibility 8272445Sassar with MIT krb5 clients 8372445Sassar 8472445Sassar * implement more DCE/DFS support, enabled with --enable-dce, see 8572445Sassar lib/kdfs and appl/dceutils 8672445Sassar 8772445Sassar * make the sequence numbers work correctly 8872445Sassar 8972445Sassar * bug fixes 9072445Sassar 9172445SassarChanges in release 0.2t: 9272445Sassar 9372445Sassar * bug fixes 9472445Sassar 9572445SassarChanges in release 0.2s: 9672445Sassar 9772445Sassar * add OpenLDAP support in hdb 9872445Sassar 9972445Sassar * login will get v4 tickets when it receives forwarded tickets 10072445Sassar 10172445Sassar * xnlock supports both v5 and v4 10272445Sassar 10372445Sassar * repair source routing for telnet 10472445Sassar 10572445Sassar * fix building problems with krb4 (krb_mk_req) 10672445Sassar 10772445Sassar * bug fixes 10872445Sassar 10972445SassarChanges in release 0.2r: 11072445Sassar 11172445Sassar * fix realloc memory corruption bug in kdc 11272445Sassar 11372445Sassar * `add --key' and `cpw --key' in kadmin 11472445Sassar 11572445Sassar * klist supports listing v4 tickets 11672445Sassar 11772445Sassar * update config.guess and config.sub 11872445Sassar 11972445Sassar * make v4 -> v5 principal name conversion more robust 12072445Sassar 12172445Sassar * support for anonymous tickets 12272445Sassar 12372445Sassar * new man-pages 12472445Sassar 12572445Sassar * telnetd: do not negotiate KERBEROS5 authentication if there's no keytab. 12672445Sassar 12772445Sassar * use and set expiration and not password expiration when dumping 12872445Sassar to/from ka server databases / krb4 databases 12972445Sassar 13072445Sassar * make the code happier with 64-bit time_t 13172445Sassar 13272445Sassar * follow RFC2782 and by default do not look for non-underscore SRV names 13372445Sassar 13472445SassarChanges in release 0.2q: 13572445Sassar 13672445Sassar * bug fix in tcp-handling in kdc 13772445Sassar 13872445Sassar * bug fix in expand_hostname 13972445Sassar 14057422SmarkmChanges in release 0.2p: 14157422Smarkm 14257422Smarkm * bug fix in `kadmin load/merge' 14357422Smarkm 14457422Smarkm * bug fix in krb5_parse_address 14557422Smarkm 14657419SmarkmChanges in release 0.2o: 14757419Smarkm 14857419Smarkm * gss_{import,export}_sec_context added to libgssapi 14957419Smarkm 15057419Smarkm * new option --addresses to kdc (for listening on an explicit set of 15157419Smarkm addresses) 15257419Smarkm 15357419Smarkm * bug fixes in the krb4 and kaserver emulation part of the kdc 15457419Smarkm 15557419Smarkm * other bug fixes 15657419Smarkm 15757416SmarkmChanges in release 0.2n: 15857416Smarkm 15957416Smarkm * more robust parsing of dump files in kadmin 16057416Smarkm * changed default timestamp format for log messages to extended ISO 16157416Smarkm 8601 format (Y-M-DTH:M:S) 16257416Smarkm * changed md4/md5/sha1 APIes to be de-facto `standard' 16357416Smarkm * always make hostname into lower-case before creating principal 16457416Smarkm * small bits of more MIT-compatability 16557416Smarkm * bug fixes 16657416Smarkm 16755682SmarkmChanges in release 0.2m: 16855682Smarkm 16955682Smarkm * handle glibc's getaddrinfo() that returns several ai_canonname 17055682Smarkm 17155682Smarkm * new endian test 17255682Smarkm 17355682Smarkm * man pages fixes 17455682Smarkm 17555682SmarkmChanges in release 0.2l: 17655682Smarkm 17755682Smarkm * bug fixes 17855682Smarkm 17955682SmarkmChanges in release 0.2k: 18055682Smarkm 18155682Smarkm * better IPv6 test 18255682Smarkm 18355682Smarkm * make struct sockaddr_storage in roken work better on alphas 18455682Smarkm 18555682Smarkm * some missing [hn]to[hn]s fixed. 18655682Smarkm 18755682Smarkm * allow users to change their own passwords with kadmin (with initial 18855682Smarkm tickets) 18955682Smarkm 19055682Smarkm * fix stupid bug in parsing KDC specification 19155682Smarkm 19255682Smarkm * add `ktutil change' and `ktutil purge' 19355682Smarkm 19455682SmarkmChanges in release 0.2j: 19555682Smarkm 19655682Smarkm * builds on Irix 19755682Smarkm 19855682Smarkm * ftpd works in passive mode 19955682Smarkm 20055682Smarkm * should build on cygwin 20155682Smarkm 20255682Smarkm * work around broken IPv6-code on OpenBSD 2.6, also add configure 20355682Smarkm option --disable-ipv6 20455682Smarkm 20555682SmarkmChanges in release 0.2i: 20655682Smarkm 20755682Smarkm * use getaddrinfo in the missing places. 20855682Smarkm 20955682Smarkm * fix SRV lookup for admin server 21055682Smarkm 21155682Smarkm * use get{addr,name}info everywhere. and implement it in terms of 21255682Smarkm getipnodeby{name,addr} (which uses gethostbyname{,2} and 21355682Smarkm gethostbyaddr) 21455682Smarkm 21555682SmarkmChanges in release 0.2h: 21655682Smarkm 21755682Smarkm * fix typo in kx (now compiles) 21855682Smarkm 21955682SmarkmChanges in release 0.2g: 22055682Smarkm 22155682Smarkm * lots of bug fixes: 22255682Smarkm * push works 22355682Smarkm * repair appl/test programs 22455682Smarkm * sockaddr_storage works on solaris (alignment issues) 22555682Smarkm * works better with non-roken getaddrinfo 22655682Smarkm * rsh works 22755682Smarkm * some non standard C constructs removed 22855682Smarkm 22955682SmarkmChanges in release 0.2f: 23055682Smarkm 23155682Smarkm * support SRV records for kpasswd 23255682Smarkm * look for both _kerberos and krb5-realm when doing host -> realm mapping 23355682Smarkm 23455682SmarkmChanges in release 0.2e: 23555682Smarkm 23655682Smarkm * changed copyright notices to remove `advertising'-clause. 23755682Smarkm * get{addr,name}info added to roken and used in the other code 23855682Smarkm (this makes things work much better with hosts with both v4 and v6 23955682Smarkm addresses, among other things) 24055682Smarkm * do pre-auth for both password and key-based get_in_tkt 24155682Smarkm * support for having several databases 24255682Smarkm * new command `del_enctype' in kadmin 24355682Smarkm * strptime (and new strftime) add to roken 24455682Smarkm * more paranoia about finding libdb 24555682Smarkm * bug fixes 24655682Smarkm 24755682SmarkmChanges in release 0.2d: 24855682Smarkm 24955682Smarkm * new configuration option [libdefaults]default_etypes_des 25055682Smarkm * internal ls in ftpd builds without KRB4 25155682Smarkm * kx/rsh/push/pop_debug tries v5 and v4 consistenly 25255682Smarkm * build bug fixes 25355682Smarkm * other bug fixes 25455682Smarkm 25555682SmarkmChanges in release 0.2c: 25655682Smarkm 25755682Smarkm * bug fixes (see ChangeLog's for details) 25855682Smarkm 25955682SmarkmChanges in release 0.2b: 26055682Smarkm 26155682Smarkm * bug fixes 26255682Smarkm * actually bump shared library versions 26355682Smarkm 26455682SmarkmChanges in release 0.2a: 26555682Smarkm 26655682Smarkm * a new program verify_krb5_conf for checking your /etc/krb5.conf 26755682Smarkm * add 3DES keys when changing password 26855682Smarkm * support null keys in database 26955682Smarkm * support multiple local realms 27055682Smarkm * implement a keytab backend for AFS KeyFile's 27155682Smarkm * implement a keytab backend for v4 srvtabs 27255682Smarkm * implement `ktutil copy' 27355682Smarkm * support password quality control in v4 kadmind 27455682Smarkm * improvements in v4 compat kadmind 27555682Smarkm * handle the case of having the correct cred in the ccache but with 27655682Smarkm the wrong encryption type better 27755682Smarkm * v6-ify the remaining programs. 27855682Smarkm * internal ls in ftpd 27955682Smarkm * rename strcpy_truncate/strcat_truncate to strlcpy/strlcat 28055682Smarkm * add `ank --random-password' and `cpw --random-password' in kadmin 28155682Smarkm * some programs and documentation for trying to talk to a W2K KDC 28255682Smarkm * bug fixes 28355682Smarkm 28455682SmarkmChanges in release 0.1m: 28555682Smarkm 28655682Smarkm * support for getting default from krb5.conf for kinit/kf/rsh/telnet. 28755682Smarkm From Miroslav Ruda <ruda@ics.muni.cz> 28855682Smarkm * v6-ify hprop and hpropd 28955682Smarkm * support numeric addresses in krb5_mk_req 29055682Smarkm * shadow support in login and su. From Miroslav Ruda <ruda@ics.muni.cz> 29155682Smarkm * make rsh/rshd IPv6-aware 29255682Smarkm * make the gssapi sample applications better at reporting errors 29355682Smarkm * lots of bug fixes 29455682Smarkm * handle systems with v6-aware libc and non-v6 kernels (like Linux 29555682Smarkm with glibc 2.1) better 29655682Smarkm * hide failure of ERPT in ftp 29755682Smarkm * lots of bug fixes 29855682Smarkm 29955682SmarkmChanges in release 0.1l: 30055682Smarkm 30155682Smarkm * make ftp and ftpd IPv6-aware 30255682Smarkm * add inet_pton to roken 30355682Smarkm * more IPv6-awareness 30455682Smarkm * make mini_inetd v6 aware 30555682Smarkm 30655682SmarkmChanges in release 0.1k: 30755682Smarkm 30855682Smarkm * bump shared libraries versions 30955682Smarkm * add roken version of inet_ntop 31055682Smarkm * merge more changes to rshd 31155682Smarkm 31255682SmarkmChanges in release 0.1j: 31355682Smarkm 31455682Smarkm * restore back to the `old' 3DES code. This was supposed to be done 31555682Smarkm in 0.1h and 0.1i but I did a CVS screw-up. 31655682Smarkm * make telnetd handle v6 connections 31755682Smarkm 31855682SmarkmChanges in release 0.1i: 31955682Smarkm 32055682Smarkm * start using `struct sockaddr_storage' which simplifies the code 32155682Smarkm (with a fallback definition if it's not defined) 32255682Smarkm * bug fixes (including in hprop and kf) 32355682Smarkm * don't use mawk which seems to mishandle roken.awk 32455682Smarkm * get_addrs should be able to handle v6 addresses on Linux (with the 32555682Smarkm required patch to the Linux kernel -- ask within) 32655682Smarkm * rshd builds with shadow passwords 32755682Smarkm 32855682SmarkmChanges in release 0.1h: 32955682Smarkm 33055682Smarkm * kf: new program for forwarding credentials 33155682Smarkm * portability fixes 33255682Smarkm * make forwarding credentials work with MIT code 33355682Smarkm * better conversion of ka database 33455682Smarkm * add etc/services.append 33555682Smarkm * correct `modified by' from kpasswdd 33655682Smarkm * lots of bug fixes 33755682Smarkm 33855682SmarkmChanges in release 0.1g: 33955682Smarkm 34055682Smarkm * kgetcred: new program for explicitly obtaining tickets 34155682Smarkm * configure fixes 34255682Smarkm * krb5-aware kx 34355682Smarkm * bug fixes 34455682Smarkm 34555682SmarkmChanges in release 0.1f; 34655682Smarkm 34755682Smarkm * experimental support for v4 kadmin protokoll in kadmind 34855682Smarkm * bug fixes 34955682Smarkm 35055682SmarkmChanges in release 0.1e: 35155682Smarkm 35255682Smarkm * try to handle old DCE and MIT kdcs 35355682Smarkm * support for older versions of credential cache files and keytabs 35455682Smarkm * postdated tickets work 35555682Smarkm * support for password quality checks in kpasswdd 35655682Smarkm * new flag --enable-kaserver for kdc 35755682Smarkm * renew fixes 35855682Smarkm * prototype su program 35955682Smarkm * updated (some) manpages 36055682Smarkm * support for KDC resource records 36155682Smarkm * should build with --without-krb4 36255682Smarkm * bug fixes 36355682Smarkm 36455682SmarkmChanges in release 0.1d: 36555682Smarkm 36655682Smarkm * Support building with DB2 (uses 1.85-compat API) 36755682Smarkm * Support krb5-realm.DOMAIN in DNS 36855682Smarkm * new `ktutil srvcreate' 36955682Smarkm * v4/kafs support in klist/kdestroy 37055682Smarkm * bug fixes 37155682Smarkm 37255682SmarkmChanges in release 0.1c: 37355682Smarkm 37455682Smarkm * fix ASN.1 encoding of signed integers 37555682Smarkm * somewhat working `ktutil get' 37655682Smarkm * some documentation updates 37755682Smarkm * update to Autoconf 2.13 and Automake 1.4 37855682Smarkm * the usual bug fixes 37955682Smarkm 38055682SmarkmChanges in release 0.1b: 38155682Smarkm 38255682Smarkm * some old -> new crypto conversion utils 38355682Smarkm * bug fixes 38455682Smarkm 38555682SmarkmChanges in release 0.1a: 38655682Smarkm 38755682Smarkm * new crypto code 38855682Smarkm * more bug fixes 38955682Smarkm * make sure we ask for DES keys in gssapi 39055682Smarkm * support signed ints in ASN1 39155682Smarkm * IPv6-bug fixes 39255682Smarkm 39355682SmarkmChanges in release 0.0u: 39455682Smarkm 39555682Smarkm * lots of bug fixes 39655682Smarkm 39755682SmarkmChanges in release 0.0t: 39855682Smarkm 39955682Smarkm * more robust parsing of krb5.conf 40055682Smarkm * include net{read,write} in lib/roken 40155682Smarkm * bug fixes 40255682Smarkm 40355682SmarkmChanges in release 0.0s: 40455682Smarkm 40555682Smarkm * kludges for parsing options to rsh 40655682Smarkm * more robust parsing of krb5.conf 40755682Smarkm * removed some arbitrary limits 40855682Smarkm * bug fixes 40955682Smarkm 41055682SmarkmChanges in release 0.0r: 41155682Smarkm 41255682Smarkm * default options for some programs 41355682Smarkm * bug fixes 41455682Smarkm 41555682SmarkmChanges in release 0.0q: 41655682Smarkm 41755682Smarkm * support for building shared libraries with libtool 41855682Smarkm * bug fixes 41955682Smarkm 42055682SmarkmChanges in release 0.0p: 42155682Smarkm 42255682Smarkm * keytab moved to /etc/krb5.keytab 42355682Smarkm * avoid false detection of IPv6 on Linux 42455682Smarkm * Lots of more functionality in the gssapi-library 42555682Smarkm * hprop can now read ka-server databases 42655682Smarkm * bug fixes 42755682Smarkm 42855682SmarkmChanges in release 0.0o: 42955682Smarkm 43055682Smarkm * FTP with GSSAPI support. 43155682Smarkm * Bug fixes. 43255682Smarkm 43355682SmarkmChanges in release 0.0n: 43455682Smarkm 43555682Smarkm * Incremental database propagation. 43655682Smarkm * Somewhat improved kadmin ui; the stuff in admin is now removed. 43755682Smarkm * Some support for using enctypes instead of keytypes. 43855682Smarkm * Lots of other improvement and bug fixes, see ChangeLog for details. 439