NEWS revision 102644
Changes in release 0.5

 * add --detach option to kdc

 * allow setting forward and forwardable option in telnet from
   .telnetrc, with override from command line

 * accept addresses with or without ports in krb5_rd_cred

 * make it work with modern openssl

 * use our own string2key function even with openssl (that handles weak
   keys incorrectly)

 * more system-specific requirements in login

 * do not use getlogin() to determine root in su

 * telnet: abort if telnetd does not support encryption

 * update autoconf to 2.53

 * update config.guess, config.sub

 * other bug fixes

Changes in release 0.4e

 * improve libcrypto and database autoconf tests

 * do not care about salting of server principals when serving v4 requests

 * some improvements to gssapi library

 * test for existing compile_et/libcom_err

 * portability fixes

 * bug fixes

Changes in release 0.4d

 * fix some problems when using libcrypto from openssl

 * handle /dev/ptmx `unix98' ptys on Linux

 * add some forgotten man pages

 * rsh: clean-up and add man page

 * fix -A and -a in builtin-ls in ftpd

 * fix building problem on Irix

 * make `ktutil get' more efficient

 * bug fixes

Changes in release 0.4c

 * fix buffer overrun in telnetd

 * repair some of the v4 fallback code in kinit

 * add more shared library dependencies

 * simplify and fix hprop handling of v4 databases

 * fix some building problems (osf's sia and osfc2 login)

 * bug fixes

Changes in release 0.4b

 * update the shared library version numbers correctly

Changes in release 0.4a

 * corrected key used for checksum in mk_safe, unfortunately this
   makes it backwards incompatible

 * update to autoconf 2.50, libtool 1.4

 * re-write dns/config lookups (krb5_krbhst API)

 * make order of using subkeys consistent

 * add man page links

 * add more man pages

 * remove rfc2052 support, now only rfc2782 is supported

 * always build with kaserver protocol support in the KDC (assuming
   KRB4 is enabled) and support for reading kaserver databases in
   hprop

Changes in release 0.3f

 * change default keytab to ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab,
   the new keytab type that tries both of these in order (SRVTAB is
   also an alias for krb4:)

 * improve error reporting and error handling (error messages should
   be more detailed and more useful)

 * improve building with openssl

 * add kadmin -K, rcp -F

 * fix two incorrect weak DES keys

 * fix building of kaserver compat in KDC

 * the API is closer to what MIT krb5 is using

 * more compatible with Windows 2000

 * removed some memory leaks

 * bug fixes

Changes in release 0.3e

 * rcp program included

 * fix buffer overrun in ftpd

 * handle omitted sequence numbers as zeroes to handle MIT krb5 that
   cannot generate zero sequence numbers

 * handle v4 /.k files better

 * configure/portability fixes

 * fixes in parsing of options to kadmin (sub-)commands

 * handle errors in kadmin load better

 * bug fixes

Changes in release 0.3d

 * add krb5-config

 * fix a bug in 3des gss-api mechanism, making it compatible with the
   specification and the MIT implementation

 * make telnetd only allow a specific list of environment variables to
   stop it from setting `sensitive' variables

 * try to use an existing libdes

 * lib/krb5, kdc: use correct usage type for ap-req messages.  This
   should improve compatibility with MIT krb5 when using 3DES
   encryption types

 * kdc: fix memory allocation problem

 * update config.guess and config.sub

 * lib/roken: more stuff implemented

 * bug fixes and portability enhancements

Changes in release 0.3c

 * lib/krb5: memory caches now support the resolve operation

 * appl/login: set PATH to some sane default

 * kadmind: handle several realms

 * bug fixes (including memory leaks)

Changes in release 0.3b

 * kdc: prefer default-salted keys on v5 requests

 * kdc: lowercase hostnames in v4 mode

 * hprop: handle more types of MIT salts

 * lib/krb5: fix memory leak

 * bug fixes

Changes in release 0.3a:

 * implement arcfour-hmac-md5 to interoperate with W2K

 * modularise the handling of the master key, and allow for other
   encryption types. This makes it easier to import a database from
   some other source without having to re-encrypt all keys.

 * allow for better control over which encryption types are created

 * make kinit fall back to v4 if given a v4 KDC

 * make klist work better with v4 and v5, and add some more MIT
   compatibility options

 * make the kdc listen on the krb524 (4444) port for compatibility
   with MIT krb5 clients

 * implement more DCE/DFS support, enabled with --enable-dce, see
   lib/kdfs and appl/dceutils

 * make the sequence numbers work correctly

 * bug fixes

Changes in release 0.2t:

 * bug fixes

Changes in release 0.2s:

 * add OpenLDAP support in hdb

 * login will get v4 tickets when it receives forwarded tickets

 * xnlock supports both v5 and v4

 * repair source routing for telnet

 * fix building problems with krb4 (krb_mk_req)

 * bug fixes

Changes in release 0.2r:

 * fix realloc memory corruption bug in kdc

 * `add --key' and `cpw --key' in kadmin

 * klist supports listing v4 tickets

 * update config.guess and config.sub

 * make v4 -> v5 principal name conversion more robust

 * support for anonymous tickets

 * new man-pages

 * telnetd: do not negotiate KERBEROS5 authentication if there's no keytab.

 * use and set expiration and not password expiration when dumping
   to/from ka server databases / krb4 databases

 * make the code happier with 64-bit time_t

 * follow RFC2782 and by default do not look for non-underscore SRV names

Changes in release 0.2q:

 * bug fix in tcp-handling in kdc

 * bug fix in expand_hostname

Changes in release 0.2p:

 * bug fix in `kadmin load/merge'

 * bug fix in krb5_parse_address

Changes in release 0.2o:

 * gss_{import,export}_sec_context added to libgssapi

 * new option --addresses to kdc (for listening on an explicit set of
   addresses)

 * bug fixes in the krb4 and kaserver emulation part of the kdc

 * other bug fixes

Changes in release 0.2n:

 * more robust parsing of dump files in kadmin
 * changed default timestamp format for log messages to extended ISO
   8601 format (Y-M-DTH:M:S)
 * changed md4/md5/sha1 APIs to be de-facto `standard'
 * always make hostname into lower-case before creating principal
 * small bits of more MIT-compatibility
 * bug fixes

Changes in release 0.2m:

 * handle glibc's getaddrinfo() that returns several ai_canonname

 * new endian test

 * man pages fixes

Changes in release 0.2l:

 * bug fixes

Changes in release 0.2k:

 * better IPv6 test

 * make struct sockaddr_storage in roken work better on alphas

 * some missing [hn]to[hn]s fixed.

 * allow users to change their own passwords with kadmin (with initial
   tickets)

 * fix stupid bug in parsing KDC specification

 * add `ktutil change' and `ktutil purge'

Changes in release 0.2j:

 * builds on Irix

 * ftpd works in passive mode

 * should build on cygwin

 * work around broken IPv6-code on OpenBSD 2.6, also add configure
   option --disable-ipv6

Changes in release 0.2i:

 * use getaddrinfo in the missing places.

 * fix SRV lookup for admin server

 * use get{addr,name}info everywhere.  and implement it in terms of
   getipnodeby{name,addr} (which uses gethostbyname{,2} and
   gethostbyaddr)

Changes in release 0.2h:

 * fix typo in kx (now compiles)

Changes in release 0.2g:

 * lots of bug fixes:
   * push works
   * repair appl/test programs
   * sockaddr_storage works on solaris (alignment issues)
   * works better with non-roken getaddrinfo
   * rsh works
   * some non standard C constructs removed

Changes in release 0.2f:

 * support SRV records for kpasswd
 * look for both _kerberos and krb5-realm when doing host -> realm mapping

Changes in release 0.2e:

 * changed copyright notices to remove `advertising'-clause.
 * get{addr,name}info added to roken and used in the other code
   (this makes things work much better with hosts with both v4 and v6
    addresses, among other things)
 * do pre-auth for both password and key-based get_in_tkt
 * support for having several databases
 * new command `del_enctype' in kadmin
 * strptime (and new strftime) added to roken
 * more paranoia about finding libdb
 * bug fixes

Changes in release 0.2d:

 * new configuration option [libdefaults]default_etypes_des
 * internal ls in ftpd builds without KRB4
 * kx/rsh/push/pop_debug tries v5 and v4 consistently
 * build bug fixes
 * other bug fixes

Changes in release 0.2c:

 * bug fixes (see ChangeLog's for details)

Changes in release 0.2b:

 * bug fixes
 * actually bump shared library versions

Changes in release 0.2a:

 * a new program verify_krb5_conf for checking your /etc/krb5.conf
 * add 3DES keys when changing password
 * support null keys in database
 * support multiple local realms
 * implement a keytab backend for AFS KeyFile's
 * implement a keytab backend for v4 srvtabs
 * implement `ktutil copy'
 * support password quality control in v4 kadmind
 * improvements in v4 compat kadmind
 * handle the case of having the correct cred in the ccache but with
   the wrong encryption type better
 * v6-ify the remaining programs.
 * internal ls in ftpd
 * rename strcpy_truncate/strcat_truncate to strlcpy/strlcat
 * add `ank --random-password' and `cpw --random-password' in kadmin
 * some programs and documentation for trying to talk to a W2K KDC
 * bug fixes

Changes in release 0.1m:

 * support for getting default from krb5.conf for kinit/kf/rsh/telnet.
   From Miroslav Ruda <ruda@ics.muni.cz>
 * v6-ify hprop and hpropd
 * support numeric addresses in krb5_mk_req
 * shadow support in login and su. From Miroslav Ruda <ruda@ics.muni.cz>
 * make rsh/rshd IPv6-aware
 * make the gssapi sample applications better at reporting errors
 * lots of bug fixes
 * handle systems with v6-aware libc and non-v6 kernels (like Linux
   with glibc 2.1) better
 * hide failure of EPRT in ftp
 * lots of bug fixes

Changes in release 0.1l:

 * make ftp and ftpd IPv6-aware
 * add inet_pton to roken
 * more IPv6-awareness
 * make mini_inetd v6 aware

Changes in release 0.1k:

 * bump shared libraries versions
 * add roken version of inet_ntop
 * merge more changes to rshd

Changes in release 0.1j:

 * restore back to the `old' 3DES code.  This was supposed to be done
   in 0.1h and 0.1i but I did a CVS screw-up.
 * make telnetd handle v6 connections

Changes in release 0.1i:

 * start using `struct sockaddr_storage' which simplifies the code
   (with a fallback definition if it's not defined)
 * bug fixes (including in hprop and kf)
 * don't use mawk which seems to mishandle roken.awk
 * get_addrs should be able to handle v6 addresses on Linux (with the
   required patch to the Linux kernel -- ask within)
 * rshd builds with shadow passwords

Changes in release 0.1h:

 * kf: new program for forwarding credentials
 * portability fixes
 * make forwarding credentials work with MIT code
 * better conversion of ka database
 * add etc/services.append
 * correct `modified by' from kpasswdd
 * lots of bug fixes

Changes in release 0.1g:

 * kgetcred: new program for explicitly obtaining tickets
 * configure fixes
 * krb5-aware kx
 * bug fixes

Changes in release 0.1f:

 * experimental support for v4 kadmin protocol in kadmind
 * bug fixes

Changes in release 0.1e:

 * try to handle old DCE and MIT kdcs
 * support for older versions of credential cache files and keytabs
 * postdated tickets work
 * support for password quality checks in kpasswdd
 * new flag --enable-kaserver for kdc
 * renew fixes
 * prototype su program
 * updated (some) manpages
 * support for KDC resource records
 * should build with --without-krb4
 * bug fixes

Changes in release 0.1d:

 * Support building with DB2 (uses 1.85-compat API)
 * Support krb5-realm.DOMAIN in DNS
 * new `ktutil srvcreate'
 * v4/kafs support in klist/kdestroy
 * bug fixes

Changes in release 0.1c:

 * fix ASN.1 encoding of signed integers
 * somewhat working `ktutil get'
 * some documentation updates
 * update to Autoconf 2.13 and Automake 1.4
 * the usual bug fixes

Changes in release 0.1b:

 * some old -> new crypto conversion utils
 * bug fixes

Changes in release 0.1a:

 * new crypto code
 * more bug fixes
 * make sure we ask for DES keys in gssapi
 * support signed ints in ASN1
 * IPv6-bug fixes

Changes in release 0.0u:

 * lots of bug fixes

Changes in release 0.0t:

 * more robust parsing of krb5.conf
 * include net{read,write} in lib/roken
 * bug fixes

Changes in release 0.0s:

 * kludges for parsing options to rsh
 * more robust parsing of krb5.conf
 * removed some arbitrary limits
 * bug fixes

Changes in release 0.0r:

 * default options for some programs
 * bug fixes

Changes in release 0.0q:

 * support for building shared libraries with libtool
 * bug fixes

Changes in release 0.0p:

 * keytab moved to /etc/krb5.keytab
 * avoid false detection of IPv6 on Linux
 * Lots more functionality in the gssapi-library
 * hprop can now read ka-server databases
 * bug fixes

Changes in release 0.0o:

 * FTP with GSSAPI support.
 * Bug fixes.

Changes in release 0.0n:

 * Incremental database propagation.
 * Somewhat improved kadmin ui; the stuff in admin is now removed.
 * Some support for using enctypes instead of keytypes.
 * Lots of other improvement and bug fixes, see ChangeLog for details.