NEWS revision 90926
190926SnectarChanges in release 0.4e 290926Snectar 390926Snectar * improve libcrypto and database autoconf tests 490926Snectar 590926Snectar * do not care about salting of server principals when serving v4 requests 690926Snectar 790926Snectar * some improvements to gssapi library 890926Snectar 990926Snectar * test for existing compile_et/libcom_err 1090926Snectar 1190926Snectar * portability fixes 1290926Snectar 1390926Snectar * bug fixes 1490926Snectar 1590926SnectarChanges in release 0.4d 1690926Snectar 1790926Snectar * fix some problems when using libcrypto from openssl 1890926Snectar 1990926Snectar * handle /dev/ptmx `unix98' ptys on Linux 2090926Snectar 2190926Snectar * add some forgotten man pages 2290926Snectar 2390926Snectar * rsh: clean-up and add man page 2490926Snectar 2590926Snectar * fix -A and -a in builtin-ls in tpd 2690926Snectar 2790926Snectar * fix building problem on Irix 2890926Snectar 2990926Snectar * make `ktutil get' more efficient 3090926Snectar 3190926Snectar * bug fixes 3290926Snectar 3390926SnectarChanges in release 0.4c 3490926Snectar 3590926Snectar * fix buffer overrun in telnetd 3690926Snectar 3790926Snectar * repair some of the v4 fallback code in kinit 3890926Snectar 3990926Snectar * add more shared library dependencies 4090926Snectar 4190926Snectar * simplify and fix hprop handling of v4 databases 4290926Snectar 4390926Snectar * fix some building problems (osf's sia and osfc2 login) 4490926Snectar 4590926Snectar * bug fixes 4690926Snectar 4790926SnectarChanges in release 0.4b 4890926Snectar 4990926Snectar * update the shared library version numbers correctly 5090926Snectar 5190926SnectarChanges in release 0.4a 5290926Snectar 5390926Snectar * corrected key used for checksum in mk_safe, unfortunately this 5490926Snectar makes it backwards incompatible 5590926Snectar 5690926Snectar * update to autoconf 2.50, libtool 1.4 5790926Snectar 5890926Snectar * re-write dns/config lookups (krb5_krbhst API) 5990926Snectar 6090926Snectar * make order of using subkeys consistent 6190926Snectar 6290926Snectar * add man page links 6390926Snectar 6490926Snectar * add more man pages 6590926Snectar 6690926Snectar * remove rfc2052 support, now only rfc2782 is supported 6790926Snectar 6890926Snectar * always build with kaserver protocol support in the KDC (assuming 6990926Snectar KRB4 is enabled) and support for reading kaserver databases in 7090926Snectar hprop 7190926Snectar 7278527SassarChanges in release 0.3f 7378527Sassar 7478527Sassar * change default keytab to ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab, 7578527Sassar the new keytab type that tries both of these in order (SRVTAB is 7678527Sassar also an alias for krb4:) 7778527Sassar 7878527Sassar * improve error reporting and error handling (error messages should 7978527Sassar be more detailed and more useful) 8078527Sassar 8178527Sassar * improve building with openssl 8278527Sassar 8378527Sassar * add kadmin -K, rcp -F 8478527Sassar 8578527Sassar * fix two incorrect weak DES keys 8678527Sassar 8778527Sassar * fix building of kaserver compat in KDC 8878527Sassar 8978527Sassar * the API is closer to what MIT krb5 is using 9078527Sassar 9178527Sassar * more compatible with windows 2000 9278527Sassar 9378527Sassar * removed some memory leaks 9478527Sassar 9578527Sassar * bug fixes 9678527Sassar 9772445SassarChanges in release 0.3e 9872445Sassar 9972445Sassar * rcp program included 10072445Sassar 10172445Sassar * fix buffer overrun in ftpd 10272445Sassar 10372445Sassar * handle omitted sequence numbers as zeroes to handle MIT krb5 that 10472445Sassar cannot generate zero sequence numbers 10572445Sassar 10672445Sassar * handle v4 /.k files better 10772445Sassar 10872445Sassar * configure/portability fixes 10972445Sassar 11072445Sassar * fixes in parsing of options to kadmin (sub-)commands 11172445Sassar 11272445Sassar * handle errors in kadmin load better 11372445Sassar 11472445Sassar * bug fixes 11572445Sassar 11672445SassarChanges in release 0.3d 11772445Sassar 11872445Sassar * add krb5-config 11972445Sassar 12072445Sassar * fix a bug in 3des gss-api mechanism, making it compatible with the 12172445Sassar specification and the MIT implementation 12272445Sassar 12372445Sassar * make telnetd only allow a specific list of environment variables to 12472445Sassar stop it from setting `sensitive' variables 12572445Sassar 12672445Sassar * try to use an existing libdes 12772445Sassar 12872445Sassar * lib/krb5, kdc: use correct usage type for ap-req messages. This 12972445Sassar should improve compatability with MIT krb5 when using 3DES 13072445Sassar encryption types 13172445Sassar 13272445Sassar * kdc: fix memory allocation problem 13372445Sassar 13472445Sassar * update config.guess and config.sub 13572445Sassar 13672445Sassar * lib/roken: more stuff implemented 13772445Sassar 13872445Sassar * bug fixes and portability enhancements 13972445Sassar 14072445SassarChanges in release 0.3c 14172445Sassar 14272445Sassar * lib/krb5: memory caches now support the resolve operation 14372445Sassar 14472445Sassar * appl/login: set PATH to some sane default 14572445Sassar 14672445Sassar * kadmind: handle several realms 14772445Sassar 14872445Sassar * bug fixes (including memory leaks) 14972445Sassar 15072445SassarChanges in release 0.3b 15172445Sassar 15272445Sassar * kdc: prefer default-salted keys on v5 requests 15372445Sassar 15472445Sassar * kdc: lowercase hostnames in v4 mode 15572445Sassar 15672445Sassar * hprop: handle more types of MIT salts 15772445Sassar 15872445Sassar * lib/krb5: fix memory leak 15972445Sassar 16072445Sassar * bug fixes 16172445Sassar 16272445SassarChanges in release 0.3a: 16372445Sassar 16472445Sassar * implement arcfour-hmac-md5 to interoperate with W2K 16572445Sassar 16672445Sassar * modularise the handling of the master key, and allow for other 16772445Sassar encryption types. This makes it easier to import a database from 16872445Sassar some other source without having to re-encrypt all keys. 16972445Sassar 17072445Sassar * allow for better control over which encryption types are created 17172445Sassar 17272445Sassar * make kinit fallback to v4 if given a v4 KDC 17372445Sassar 17472445Sassar * make klist work better with v4 and v5, and add some more MIT 17572445Sassar compatibility options 17672445Sassar 17772445Sassar * make the kdc listen on the krb524 (4444) port for compatibility 17872445Sassar with MIT krb5 clients 17972445Sassar 18072445Sassar * implement more DCE/DFS support, enabled with --enable-dce, see 18172445Sassar lib/kdfs and appl/dceutils 18272445Sassar 18372445Sassar * make the sequence numbers work correctly 18472445Sassar 18572445Sassar * bug fixes 18672445Sassar 18772445SassarChanges in release 0.2t: 18872445Sassar 18972445Sassar * bug fixes 19072445Sassar 19172445SassarChanges in release 0.2s: 19272445Sassar 19372445Sassar * add OpenLDAP support in hdb 19472445Sassar 19572445Sassar * login will get v4 tickets when it receives forwarded tickets 19672445Sassar 19772445Sassar * xnlock supports both v5 and v4 19872445Sassar 19972445Sassar * repair source routing for telnet 20072445Sassar 20172445Sassar * fix building problems with krb4 (krb_mk_req) 20272445Sassar 20372445Sassar * bug fixes 20472445Sassar 20572445SassarChanges in release 0.2r: 20672445Sassar 20772445Sassar * fix realloc memory corruption bug in kdc 20872445Sassar 20972445Sassar * `add --key' and `cpw --key' in kadmin 21072445Sassar 21172445Sassar * klist supports listing v4 tickets 21272445Sassar 21372445Sassar * update config.guess and config.sub 21472445Sassar 21572445Sassar * make v4 -> v5 principal name conversion more robust 21672445Sassar 21772445Sassar * support for anonymous tickets 21872445Sassar 21972445Sassar * new man-pages 22072445Sassar 22172445Sassar * telnetd: do not negotiate KERBEROS5 authentication if there's no keytab. 22272445Sassar 22372445Sassar * use and set expiration and not password expiration when dumping 22472445Sassar to/from ka server databases / krb4 databases 22572445Sassar 22672445Sassar * make the code happier with 64-bit time_t 22772445Sassar 22872445Sassar * follow RFC2782 and by default do not look for non-underscore SRV names 22972445Sassar 23072445SassarChanges in release 0.2q: 23172445Sassar 23272445Sassar * bug fix in tcp-handling in kdc 23372445Sassar 23472445Sassar * bug fix in expand_hostname 23572445Sassar 23657422SmarkmChanges in release 0.2p: 23757422Smarkm 23857422Smarkm * bug fix in `kadmin load/merge' 23957422Smarkm 24057422Smarkm * bug fix in krb5_parse_address 24157422Smarkm 24257419SmarkmChanges in release 0.2o: 24357419Smarkm 24457419Smarkm * gss_{import,export}_sec_context added to libgssapi 24557419Smarkm 24657419Smarkm * new option --addresses to kdc (for listening on an explicit set of 24757419Smarkm addresses) 24857419Smarkm 24957419Smarkm * bug fixes in the krb4 and kaserver emulation part of the kdc 25057419Smarkm 25157419Smarkm * other bug fixes 25257419Smarkm 25357416SmarkmChanges in release 0.2n: 25457416Smarkm 25557416Smarkm * more robust parsing of dump files in kadmin 25657416Smarkm * changed default timestamp format for log messages to extended ISO 25757416Smarkm 8601 format (Y-M-DTH:M:S) 25857416Smarkm * changed md4/md5/sha1 APIes to be de-facto `standard' 25957416Smarkm * always make hostname into lower-case before creating principal 26057416Smarkm * small bits of more MIT-compatability 26157416Smarkm * bug fixes 26257416Smarkm 26355682SmarkmChanges in release 0.2m: 26455682Smarkm 26555682Smarkm * handle glibc's getaddrinfo() that returns several ai_canonname 26655682Smarkm 26755682Smarkm * new endian test 26855682Smarkm 26955682Smarkm * man pages fixes 27055682Smarkm 27155682SmarkmChanges in release 0.2l: 27255682Smarkm 27355682Smarkm * bug fixes 27455682Smarkm 27555682SmarkmChanges in release 0.2k: 27655682Smarkm 27755682Smarkm * better IPv6 test 27855682Smarkm 27955682Smarkm * make struct sockaddr_storage in roken work better on alphas 28055682Smarkm 28155682Smarkm * some missing [hn]to[hn]s fixed. 28255682Smarkm 28355682Smarkm * allow users to change their own passwords with kadmin (with initial 28455682Smarkm tickets) 28555682Smarkm 28655682Smarkm * fix stupid bug in parsing KDC specification 28755682Smarkm 28855682Smarkm * add `ktutil change' and `ktutil purge' 28955682Smarkm 29055682SmarkmChanges in release 0.2j: 29155682Smarkm 29255682Smarkm * builds on Irix 29355682Smarkm 29455682Smarkm * ftpd works in passive mode 29555682Smarkm 29655682Smarkm * should build on cygwin 29755682Smarkm 29855682Smarkm * work around broken IPv6-code on OpenBSD 2.6, also add configure 29955682Smarkm option --disable-ipv6 30055682Smarkm 30155682SmarkmChanges in release 0.2i: 30255682Smarkm 30355682Smarkm * use getaddrinfo in the missing places. 30455682Smarkm 30555682Smarkm * fix SRV lookup for admin server 30655682Smarkm 30755682Smarkm * use get{addr,name}info everywhere. and implement it in terms of 30855682Smarkm getipnodeby{name,addr} (which uses gethostbyname{,2} and 30955682Smarkm gethostbyaddr) 31055682Smarkm 31155682SmarkmChanges in release 0.2h: 31255682Smarkm 31355682Smarkm * fix typo in kx (now compiles) 31455682Smarkm 31555682SmarkmChanges in release 0.2g: 31655682Smarkm 31755682Smarkm * lots of bug fixes: 31855682Smarkm * push works 31955682Smarkm * repair appl/test programs 32055682Smarkm * sockaddr_storage works on solaris (alignment issues) 32155682Smarkm * works better with non-roken getaddrinfo 32255682Smarkm * rsh works 32355682Smarkm * some non standard C constructs removed 32455682Smarkm 32555682SmarkmChanges in release 0.2f: 32655682Smarkm 32755682Smarkm * support SRV records for kpasswd 32855682Smarkm * look for both _kerberos and krb5-realm when doing host -> realm mapping 32955682Smarkm 33055682SmarkmChanges in release 0.2e: 33155682Smarkm 33255682Smarkm * changed copyright notices to remove `advertising'-clause. 33355682Smarkm * get{addr,name}info added to roken and used in the other code 33455682Smarkm (this makes things work much better with hosts with both v4 and v6 33555682Smarkm addresses, among other things) 33655682Smarkm * do pre-auth for both password and key-based get_in_tkt 33755682Smarkm * support for having several databases 33855682Smarkm * new command `del_enctype' in kadmin 33955682Smarkm * strptime (and new strftime) add to roken 34055682Smarkm * more paranoia about finding libdb 34155682Smarkm * bug fixes 34255682Smarkm 34355682SmarkmChanges in release 0.2d: 34455682Smarkm 34555682Smarkm * new configuration option [libdefaults]default_etypes_des 34655682Smarkm * internal ls in ftpd builds without KRB4 34755682Smarkm * kx/rsh/push/pop_debug tries v5 and v4 consistenly 34855682Smarkm * build bug fixes 34955682Smarkm * other bug fixes 35055682Smarkm 35155682SmarkmChanges in release 0.2c: 35255682Smarkm 35355682Smarkm * bug fixes (see ChangeLog's for details) 35455682Smarkm 35555682SmarkmChanges in release 0.2b: 35655682Smarkm 35755682Smarkm * bug fixes 35855682Smarkm * actually bump shared library versions 35955682Smarkm 36055682SmarkmChanges in release 0.2a: 36155682Smarkm 36255682Smarkm * a new program verify_krb5_conf for checking your /etc/krb5.conf 36355682Smarkm * add 3DES keys when changing password 36455682Smarkm * support null keys in database 36555682Smarkm * support multiple local realms 36655682Smarkm * implement a keytab backend for AFS KeyFile's 36755682Smarkm * implement a keytab backend for v4 srvtabs 36855682Smarkm * implement `ktutil copy' 36955682Smarkm * support password quality control in v4 kadmind 37055682Smarkm * improvements in v4 compat kadmind 37155682Smarkm * handle the case of having the correct cred in the ccache but with 37255682Smarkm the wrong encryption type better 37355682Smarkm * v6-ify the remaining programs. 37455682Smarkm * internal ls in ftpd 37555682Smarkm * rename strcpy_truncate/strcat_truncate to strlcpy/strlcat 37655682Smarkm * add `ank --random-password' and `cpw --random-password' in kadmin 37755682Smarkm * some programs and documentation for trying to talk to a W2K KDC 37855682Smarkm * bug fixes 37955682Smarkm 38055682SmarkmChanges in release 0.1m: 38155682Smarkm 38255682Smarkm * support for getting default from krb5.conf for kinit/kf/rsh/telnet. 38355682Smarkm From Miroslav Ruda <ruda@ics.muni.cz> 38455682Smarkm * v6-ify hprop and hpropd 38555682Smarkm * support numeric addresses in krb5_mk_req 38655682Smarkm * shadow support in login and su. From Miroslav Ruda <ruda@ics.muni.cz> 38755682Smarkm * make rsh/rshd IPv6-aware 38855682Smarkm * make the gssapi sample applications better at reporting errors 38955682Smarkm * lots of bug fixes 39055682Smarkm * handle systems with v6-aware libc and non-v6 kernels (like Linux 39155682Smarkm with glibc 2.1) better 39255682Smarkm * hide failure of ERPT in ftp 39355682Smarkm * lots of bug fixes 39455682Smarkm 39555682SmarkmChanges in release 0.1l: 39655682Smarkm 39755682Smarkm * make ftp and ftpd IPv6-aware 39855682Smarkm * add inet_pton to roken 39955682Smarkm * more IPv6-awareness 40055682Smarkm * make mini_inetd v6 aware 40155682Smarkm 40255682SmarkmChanges in release 0.1k: 40355682Smarkm 40455682Smarkm * bump shared libraries versions 40555682Smarkm * add roken version of inet_ntop 40655682Smarkm * merge more changes to rshd 40755682Smarkm 40855682SmarkmChanges in release 0.1j: 40955682Smarkm 41055682Smarkm * restore back to the `old' 3DES code. This was supposed to be done 41155682Smarkm in 0.1h and 0.1i but I did a CVS screw-up. 41255682Smarkm * make telnetd handle v6 connections 41355682Smarkm 41455682SmarkmChanges in release 0.1i: 41555682Smarkm 41655682Smarkm * start using `struct sockaddr_storage' which simplifies the code 41755682Smarkm (with a fallback definition if it's not defined) 41855682Smarkm * bug fixes (including in hprop and kf) 41955682Smarkm * don't use mawk which seems to mishandle roken.awk 42055682Smarkm * get_addrs should be able to handle v6 addresses on Linux (with the 42155682Smarkm required patch to the Linux kernel -- ask within) 42255682Smarkm * rshd builds with shadow passwords 42355682Smarkm 42455682SmarkmChanges in release 0.1h: 42555682Smarkm 42655682Smarkm * kf: new program for forwarding credentials 42755682Smarkm * portability fixes 42855682Smarkm * make forwarding credentials work with MIT code 42955682Smarkm * better conversion of ka database 43055682Smarkm * add etc/services.append 43155682Smarkm * correct `modified by' from kpasswdd 43255682Smarkm * lots of bug fixes 43355682Smarkm 43455682SmarkmChanges in release 0.1g: 43555682Smarkm 43655682Smarkm * kgetcred: new program for explicitly obtaining tickets 43755682Smarkm * configure fixes 43855682Smarkm * krb5-aware kx 43955682Smarkm * bug fixes 44055682Smarkm 44155682SmarkmChanges in release 0.1f; 44255682Smarkm 44355682Smarkm * experimental support for v4 kadmin protokoll in kadmind 44455682Smarkm * bug fixes 44555682Smarkm 44655682SmarkmChanges in release 0.1e: 44755682Smarkm 44855682Smarkm * try to handle old DCE and MIT kdcs 44955682Smarkm * support for older versions of credential cache files and keytabs 45055682Smarkm * postdated tickets work 45155682Smarkm * support for password quality checks in kpasswdd 45255682Smarkm * new flag --enable-kaserver for kdc 45355682Smarkm * renew fixes 45455682Smarkm * prototype su program 45555682Smarkm * updated (some) manpages 45655682Smarkm * support for KDC resource records 45755682Smarkm * should build with --without-krb4 45855682Smarkm * bug fixes 45955682Smarkm 46055682SmarkmChanges in release 0.1d: 46155682Smarkm 46255682Smarkm * Support building with DB2 (uses 1.85-compat API) 46355682Smarkm * Support krb5-realm.DOMAIN in DNS 46455682Smarkm * new `ktutil srvcreate' 46555682Smarkm * v4/kafs support in klist/kdestroy 46655682Smarkm * bug fixes 46755682Smarkm 46855682SmarkmChanges in release 0.1c: 46955682Smarkm 47055682Smarkm * fix ASN.1 encoding of signed integers 47155682Smarkm * somewhat working `ktutil get' 47255682Smarkm * some documentation updates 47355682Smarkm * update to Autoconf 2.13 and Automake 1.4 47455682Smarkm * the usual bug fixes 47555682Smarkm 47655682SmarkmChanges in release 0.1b: 47755682Smarkm 47855682Smarkm * some old -> new crypto conversion utils 47955682Smarkm * bug fixes 48055682Smarkm 48155682SmarkmChanges in release 0.1a: 48255682Smarkm 48355682Smarkm * new crypto code 48455682Smarkm * more bug fixes 48555682Smarkm * make sure we ask for DES keys in gssapi 48655682Smarkm * support signed ints in ASN1 48755682Smarkm * IPv6-bug fixes 48855682Smarkm 48955682SmarkmChanges in release 0.0u: 49055682Smarkm 49155682Smarkm * lots of bug fixes 49255682Smarkm 49355682SmarkmChanges in release 0.0t: 49455682Smarkm 49555682Smarkm * more robust parsing of krb5.conf 49655682Smarkm * include net{read,write} in lib/roken 49755682Smarkm * bug fixes 49855682Smarkm 49955682SmarkmChanges in release 0.0s: 50055682Smarkm 50155682Smarkm * kludges for parsing options to rsh 50255682Smarkm * more robust parsing of krb5.conf 50355682Smarkm * removed some arbitrary limits 50455682Smarkm * bug fixes 50555682Smarkm 50655682SmarkmChanges in release 0.0r: 50755682Smarkm 50855682Smarkm * default options for some programs 50955682Smarkm * bug fixes 51055682Smarkm 51155682SmarkmChanges in release 0.0q: 51255682Smarkm 51355682Smarkm * support for building shared libraries with libtool 51455682Smarkm * bug fixes 51555682Smarkm 51655682SmarkmChanges in release 0.0p: 51755682Smarkm 51855682Smarkm * keytab moved to /etc/krb5.keytab 51955682Smarkm * avoid false detection of IPv6 on Linux 52055682Smarkm * Lots of more functionality in the gssapi-library 52155682Smarkm * hprop can now read ka-server databases 52255682Smarkm * bug fixes 52355682Smarkm 52455682SmarkmChanges in release 0.0o: 52555682Smarkm 52655682Smarkm * FTP with GSSAPI support. 52755682Smarkm * Bug fixes. 52855682Smarkm 52955682SmarkmChanges in release 0.0n: 53055682Smarkm 53155682Smarkm * Incremental database propagation. 53255682Smarkm * Somewhat improved kadmin ui; the stuff in admin is now removed. 53355682Smarkm * Some support for using enctypes instead of keytypes. 53455682Smarkm * Lots of other improvement and bug fixes, see ChangeLog for details. 535