NEWS revision 78527
Changes in release 0.3f

 * change default keytab to ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab,
   the new keytab type that tries both of these in order (SRVTAB is
   also an alias for krb4:)

 * improve error reporting and error handling (error messages should
   be more detailed and more useful)

 * improve building with openssl

 * add kadmin -K, rcp -F

 * fix two incorrect weak DES keys

 * fix building of kaserver compat in KDC

 * the API is closer to what MIT krb5 is using

 * more compatible with windows 2000

 * removed some memory leaks

 * bug fixes

Changes in release 0.3e

 * rcp program included

 * fix buffer overrun in ftpd

 * handle omitted sequence numbers as zeroes to handle MIT krb5 that
   cannot generate zero sequence numbers

 * handle v4 /.k files better

 * configure/portability fixes

 * fixes in parsing of options to kadmin (sub-)commands

 * handle errors in kadmin load better

 * bug fixes

Changes in release 0.3d

 * add krb5-config

 * fix a bug in 3des gss-api mechanism, making it compatible with the
   specification and the MIT implementation

 * make telnetd only allow a specific list of environment variables to
   stop it from setting `sensitive' variables

 * try to use an existing libdes

 * lib/krb5, kdc: use correct usage type for ap-req messages.  This
   should improve compatibility with MIT krb5 when using 3DES
   encryption types

 * kdc: fix memory allocation problem

 * update config.guess and config.sub

 * lib/roken: more stuff implemented

 * bug fixes and portability enhancements

Changes in release 0.3c

 * lib/krb5: memory caches now support the resolve operation

 * appl/login: set PATH to some sane default

 * kadmind: handle several realms

 * bug fixes (including memory leaks)

Changes in release 0.3b

 * kdc: prefer default-salted keys on v5 requests

 * kdc: lowercase hostnames in v4 mode

 * hprop: handle more types of MIT salts

 * lib/krb5: fix memory leak

 * bug fixes

Changes in release 0.3a:

 * implement arcfour-hmac-md5 to interoperate with W2K

 * modularise the handling of the master key, and allow for other
   encryption types. This makes it easier to import a database from
   some other source without having to re-encrypt all keys.

 * allow for better control over which encryption types are created

 * make kinit fall back to v4 if given a v4 KDC

 * make klist work better with v4 and v5, and add some more MIT
   compatibility options

 * make the kdc listen on the krb524 (4444) port for compatibility
   with MIT krb5 clients

 * implement more DCE/DFS support, enabled with --enable-dce, see
   lib/kdfs and appl/dceutils

 * make the sequence numbers work correctly

 * bug fixes

Changes in release 0.2t:

 * bug fixes

Changes in release 0.2s:

 * add OpenLDAP support in hdb

 * login will get v4 tickets when it receives forwarded tickets

 * xnlock supports both v5 and v4

 * repair source routing for telnet

 * fix building problems with krb4 (krb_mk_req)

 * bug fixes

Changes in release 0.2r:

 * fix realloc memory corruption bug in kdc

 * `add --key' and `cpw --key' in kadmin

 * klist supports listing v4 tickets

 * update config.guess and config.sub

 * make v4 -> v5 principal name conversion more robust

 * support for anonymous tickets

 * new man-pages

 * telnetd: do not negotiate KERBEROS5 authentication if there's no keytab.

 * use and set expiration and not password expiration when dumping
   to/from ka server databases / krb4 databases

 * make the code happier with 64-bit time_t

 * follow RFC2782 and by default do not look for non-underscore SRV names

Changes in release 0.2q:

 * bug fix in tcp-handling in kdc

 * bug fix in expand_hostname

Changes in release 0.2p:

 * bug fix in `kadmin load/merge'

 * bug fix in krb5_parse_address

Changes in release 0.2o:

 * gss_{import,export}_sec_context added to libgssapi

 * new option --addresses to kdc (for listening on an explicit set of
   addresses)

 * bug fixes in the krb4 and kaserver emulation part of the kdc

 * other bug fixes

Changes in release 0.2n:

 * more robust parsing of dump files in kadmin
 * changed default timestamp format for log messages to extended ISO
   8601 format (Y-M-DTH:M:S)
 * changed md4/md5/sha1 APIs to be de-facto `standard'
 * always make hostname into lower-case before creating principal
 * small bits of more MIT-compatibility
 * bug fixes

Changes in release 0.2m:

 * handle glibc's getaddrinfo() that returns several ai_canonname

 * new endian test

 * man pages fixes

Changes in release 0.2l:

 * bug fixes

Changes in release 0.2k:

 * better IPv6 test

 * make struct sockaddr_storage in roken work better on alphas

 * some missing [hn]to[hn]s fixed.

 * allow users to change their own passwords with kadmin (with initial
   tickets)

 * fix stupid bug in parsing KDC specification

 * add `ktutil change' and `ktutil purge'

Changes in release 0.2j:

 * builds on Irix

 * ftpd works in passive mode

 * should build on cygwin

 * work around broken IPv6-code on OpenBSD 2.6, also add configure
   option --disable-ipv6

Changes in release 0.2i:

 * use getaddrinfo in the missing places.

 * fix SRV lookup for admin server

 * use get{addr,name}info everywhere.  and implement it in terms of
   getipnodeby{name,addr} (which uses gethostbyname{,2} and
   gethostbyaddr)

Changes in release 0.2h:

 * fix typo in kx (now compiles)

Changes in release 0.2g:

 * lots of bug fixes:
   * push works
   * repair appl/test programs
   * sockaddr_storage works on solaris (alignment issues)
   * works better with non-roken getaddrinfo
   * rsh works
   * some non standard C constructs removed

Changes in release 0.2f:

 * support SRV records for kpasswd
 * look for both _kerberos and krb5-realm when doing host -> realm mapping

Changes in release 0.2e:

 * changed copyright notices to remove `advertising'-clause.
 * get{addr,name}info added to roken and used in the other code
   (this makes things work much better with hosts with both v4 and v6
    addresses, among other things)
 * do pre-auth for both password and key-based get_in_tkt
 * support for having several databases
 * new command `del_enctype' in kadmin
 * strptime (and new strftime) added to roken
 * more paranoia about finding libdb
 * bug fixes

Changes in release 0.2d:

 * new configuration option [libdefaults]default_etypes_des
 * internal ls in ftpd builds without KRB4
 * kx/rsh/push/pop_debug tries v5 and v4 consistently
 * build bug fixes
 * other bug fixes

Changes in release 0.2c:

 * bug fixes (see ChangeLog's for details)

Changes in release 0.2b:

 * bug fixes
 * actually bump shared library versions

Changes in release 0.2a:

 * a new program verify_krb5_conf for checking your /etc/krb5.conf
 * add 3DES keys when changing password
 * support null keys in database
 * support multiple local realms
 * implement a keytab backend for AFS KeyFile's
 * implement a keytab backend for v4 srvtabs
 * implement `ktutil copy'
 * support password quality control in v4 kadmind
 * improvements in v4 compat kadmind
 * handle the case of having the correct cred in the ccache but with
   the wrong encryption type better
 * v6-ify the remaining programs.
 * internal ls in ftpd
 * rename strcpy_truncate/strcat_truncate to strlcpy/strlcat
 * add `ank --random-password' and `cpw --random-password' in kadmin
 * some programs and documentation for trying to talk to a W2K KDC
 * bug fixes

Changes in release 0.1m:

 * support for getting default from krb5.conf for kinit/kf/rsh/telnet.
   From Miroslav Ruda <ruda@ics.muni.cz>
 * v6-ify hprop and hpropd
 * support numeric addresses in krb5_mk_req
 * shadow support in login and su. From Miroslav Ruda <ruda@ics.muni.cz>
 * make rsh/rshd IPv6-aware
 * make the gssapi sample applications better at reporting errors
 * lots of bug fixes
 * handle systems with v6-aware libc and non-v6 kernels (like Linux
   with glibc 2.1) better
 * hide failure of EPRT in ftp
 * lots of bug fixes

Changes in release 0.1l:

 * make ftp and ftpd IPv6-aware
 * add inet_pton to roken
 * more IPv6-awareness
 * make mini_inetd v6 aware

Changes in release 0.1k:

 * bump shared libraries versions
 * add roken version of inet_ntop
 * merge more changes to rshd

Changes in release 0.1j:

 * restore back to the `old' 3DES code.  This was supposed to be done
   in 0.1h and 0.1i but I did a CVS screw-up.
 * make telnetd handle v6 connections

Changes in release 0.1i:

 * start using `struct sockaddr_storage' which simplifies the code
   (with a fallback definition if it's not defined)
 * bug fixes (including in hprop and kf)
 * don't use mawk which seems to mishandle roken.awk
 * get_addrs should be able to handle v6 addresses on Linux (with the
   required patch to the Linux kernel -- ask within)
 * rshd builds with shadow passwords

Changes in release 0.1h:

 * kf: new program for forwarding credentials
 * portability fixes
 * make forwarding credentials work with MIT code
 * better conversion of ka database
 * add etc/services.append
 * correct `modified by' from kpasswdd
 * lots of bug fixes

Changes in release 0.1g:

 * kgetcred: new program for explicitly obtaining tickets
 * configure fixes
 * krb5-aware kx
 * bug fixes

Changes in release 0.1f:

 * experimental support for v4 kadmin protocol in kadmind
 * bug fixes

Changes in release 0.1e:

 * try to handle old DCE and MIT kdcs
 * support for older versions of credential cache files and keytabs
 * postdated tickets work
 * support for password quality checks in kpasswdd
 * new flag --enable-kaserver for kdc
 * renew fixes
 * prototype su program
 * updated (some) manpages
 * support for KDC resource records
 * should build with --without-krb4
 * bug fixes

Changes in release 0.1d:

 * Support building with DB2 (uses 1.85-compat API)
 * Support krb5-realm.DOMAIN in DNS
 * new `ktutil srvcreate'
 * v4/kafs support in klist/kdestroy
 * bug fixes

Changes in release 0.1c:

 * fix ASN.1 encoding of signed integers
 * somewhat working `ktutil get'
 * some documentation updates
 * update to Autoconf 2.13 and Automake 1.4
 * the usual bug fixes

Changes in release 0.1b:

 * some old -> new crypto conversion utils
 * bug fixes

Changes in release 0.1a:

 * new crypto code
 * more bug fixes
 * make sure we ask for DES keys in gssapi
 * support signed ints in ASN1
 * IPv6-bug fixes

Changes in release 0.0u:

 * lots of bug fixes

Changes in release 0.0t:

 * more robust parsing of krb5.conf
 * include net{read,write} in lib/roken
 * bug fixes

Changes in release 0.0s:

 * kludges for parsing options to rsh
 * more robust parsing of krb5.conf
 * removed some arbitrary limits
 * bug fixes

Changes in release 0.0r:

 * default options for some programs
 * bug fixes

Changes in release 0.0q:

 * support for building shared libraries with libtool
 * bug fixes

Changes in release 0.0p:

 * keytab moved to /etc/krb5.keytab
 * avoid false detection of IPv6 on Linux
 * Lots more functionality in the gssapi-library
 * hprop can now read ka-server databases
 * bug fixes

Changes in release 0.0o:

 * FTP with GSSAPI support.
 * Bug fixes.

Changes in release 0.0n:

 * Incremental database propagation.
 * Somewhat improved kadmin ui; the stuff in admin is now removed.
 * Some support for using enctypes instead of keytypes.
 * Lots of other improvement and bug fixes, see ChangeLog for details.