NEWS revision 90926
1100384SpeterChanges in release 0.4e 2100384Speter 3100384Speter * improve libcrypto and database autoconf tests 4100384Speter 5100384Speter * do not care about salting of server principals when serving v4 requests 6100384Speter 7100384Speter * some improvements to gssapi library 8100384Speter 9100384Speter * test for existing compile_et/libcom_err 10100384Speter 11100384Speter * portability fixes 12100384Speter 13100384Speter * bug fixes 14100384Speter 15100384SpeterChanges in release 0.4d 16100384Speter 17100384Speter * fix some problems when using libcrypto from openssl 18100384Speter 19100384Speter * handle /dev/ptmx `unix98' ptys on Linux 20100384Speter 21100384Speter * add some forgotten man pages 22100384Speter 23100384Speter * rsh: clean-up and add man page 24100384Speter 25100384Speter * fix -A and -a in builtin-ls in tpd 26100384Speter 27118031Sobrien * fix building problem on Irix 28118031Sobrien 29118031Sobrien * make `ktutil get' more efficient 30104738Speter 31104738Speter * bug fixes 32100384Speter 33100384SpeterChanges in release 0.4c 34100384Speter 35100384Speter * fix buffer overrun in telnetd 36100384Speter 37100384Speter * repair some of the v4 fallback code in kinit 38123746Speter 39100384Speter * add more shared library dependencies 40100384Speter 41100384Speter * simplify and fix hprop handling of v4 databases 42100384Speter 43100384Speter * fix some building problems (osf's sia and osfc2 login) 44100384Speter 45100384Speter * bug fixes 46100384Speter 47100384SpeterChanges in release 0.4b 48100384Speter 49100384Speter * update the shared library version numbers correctly 50100384Speter 51100384SpeterChanges in release 0.4a 52100384Speter 53100384Speter * corrected key used for checksum in mk_safe, unfortunately this 54100384Speter makes it backwards incompatible 55100384Speter 56100384Speter * update to autoconf 2.50, libtool 1.4 57100384Speter 58100384Speter * re-write dns/config lookups (krb5_krbhst API) 59100384Speter 60100384Speter * make order of using subkeys consistent 61113859Sjhb 62100384Speter * add man page links 63100384Speter 64100384Speter * add more man pages 65100384Speter 66100384Speter * remove rfc2052 support, now only rfc2782 is supported 67100384Speter 68127140Sjhb * always build with kaserver protocol support in the KDC (assuming 69100384Speter KRB4 is enabled) and support for reading kaserver databases in 70100384Speter hprop 71100384Speter 72100384SpeterChanges in release 0.3f 73100384Speter 74100384Speter * change default keytab to ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab, 75100384Speter the new keytab type that tries both of these in order (SRVTAB is 76100384Speter also an alias for krb4:) 77100384Speter 78119333Speter * improve error reporting and error handling (error messages should 79119333Speter be more detailed and more useful) 80119333Speter 81100384Speter * improve building with openssl 82121719Speter 83121719Speter * add kadmin -K, rcp -F 84121719Speter 85121719Speter * fix two incorrect weak DES keys 86121719Speter 87100384Speter * fix building of kaserver compat in KDC 88119333Speter 89100384Speter * the API is closer to what MIT krb5 is using 90127140Sjhb 91127140Sjhb * more compatible with windows 2000 92136152Sjhb 93100384Speter * removed some memory leaks 94136152Sjhb 95136152Sjhb * bug fixes 96136152Sjhb 97136152SjhbChanges in release 0.3e 98136152Sjhb 99100384Speter * rcp program included 100100384Speter 101127140Sjhb * fix buffer overrun in ftpd 102127140Sjhb 103127140Sjhb * handle omitted sequence numbers as zeroes to handle MIT krb5 that 104100384Speter cannot generate zero sequence numbers 105100384Speter 106100384Speter * handle v4 /.k files better 107100384Speter 108100384Speter * configure/portability fixes 109100384Speter 110100384Speter * fixes in parsing of options to kadmin (sub-)commands 111100384Speter 112100384Speter * handle errors in kadmin load better 113100384Speter 114100384Speter * bug fixes 115100384Speter 116100384SpeterChanges in release 0.3d 117100384Speter 118100384Speter * add krb5-config 119100384Speter 120127140Sjhb * fix a bug in 3des gss-api mechanism, making it compatible with the 121100384Speter specification and the MIT implementation 122100384Speter 123100384Speter * make telnetd only allow a specific list of environment variables to 124100384Speter stop it from setting `sensitive' variables 125128597Smarcel 126100384Speter * try to use an existing libdes 127100384Speter 128100384Speter * lib/krb5, kdc: use correct usage type for ap-req messages. This 129100384Speter should improve compatability with MIT krb5 when using 3DES 130100384Speter encryption types 131100384Speter 132100384Speter * kdc: fix memory allocation problem 133100384Speter 134100384Speter * update config.guess and config.sub 135100384Speter 136100384Speter * lib/roken: more stuff implemented 137100384Speter 138100384Speter * bug fixes and portability enhancements 139100384Speter 140100384SpeterChanges in release 0.3c 141100384Speter 142100384Speter * lib/krb5: memory caches now support the resolve operation 143100384Speter 144100384Speter * appl/login: set PATH to some sane default 145100384Speter 146128260Speter * kadmind: handle several realms 147100384Speter 148100384Speter * bug fixes (including memory leaks) 149100384Speter 150128260SpeterChanges in release 0.3b 151100384Speter 152128597Smarcel * kdc: prefer default-salted keys on v5 requests 153100384Speter 154128597Smarcel * kdc: lowercase hostnames in v4 mode 155100384Speter 156128260Speter * hprop: handle more types of MIT salts 157100384Speter 158100384Speter * lib/krb5: fix memory leak 159100384Speter 160100384Speter * bug fixes 161100384Speter 162100384SpeterChanges in release 0.3a: 163100384Speter 164107849Salfred * implement arcfour-hmac-md5 to interoperate with W2K 165107849Salfred 166100384Speter * modularise the handling of the master key, and allow for other 167100384Speter encryption types. This makes it easier to import a database from 168100384Speter some other source without having to re-encrypt all keys. 169100384Speter 170107849Salfred * allow for better control over which encryption types are created 171100384Speter 172100384Speter * make kinit fallback to v4 if given a v4 KDC 173100384Speter 174100384Speter * make klist work better with v4 and v5, and add some more MIT 175100384Speter compatibility options 176100384Speter 177100384Speter * make the kdc listen on the krb524 (4444) port for compatibility 178100384Speter with MIT krb5 clients 179100384Speter 180100384Speter * implement more DCE/DFS support, enabled with --enable-dce, see 181100384Speter lib/kdfs and appl/dceutils 182100384Speter 183100384Speter * make the sequence numbers work correctly 184100384Speter 185100384Speter * bug fixes 186100384Speter 187128597SmarcelChanges in release 0.2t: 188100384Speter 189100384Speter * bug fixes 190100384Speter 191100384SpeterChanges in release 0.2s: 192100384Speter 193100384Speter * add OpenLDAP support in hdb 194100384Speter 195121719Speter * login will get v4 tickets when it receives forwarded tickets 196121719Speter 197100384Speter * xnlock supports both v5 and v4 198119333Speter 199119333Speter * repair source routing for telnet 200100384Speter 201113859Sjhb * fix building problems with krb4 (krb_mk_req) 202113859Sjhb 203100384Speter * bug fixes 204100384Speter 205113859SjhbChanges in release 0.2r: 206113859Sjhb 207100384Speter * fix realloc memory corruption bug in kdc 208100384Speter 209113859Sjhb * `add --key' and `cpw --key' in kadmin 210113859Sjhb 211113859Sjhb * klist supports listing v4 tickets 212113859Sjhb 213113859Sjhb * update config.guess and config.sub 214113859Sjhb 215113859Sjhb * make v4 -> v5 principal name conversion more robust 216113859Sjhb 217113859Sjhb * support for anonymous tickets 218113859Sjhb 219113859Sjhb * new man-pages 220113859Sjhb 221100384Speter * telnetd: do not negotiate KERBEROS5 authentication if there's no keytab. 222100384Speter 223100384Speter * use and set expiration and not password expiration when dumping 224100384Speter to/from ka server databases / krb4 databases 225100384Speter 226119333Speter * make the code happier with 64-bit time_t 227100384Speter 228100384Speter * follow RFC2782 and by default do not look for non-underscore SRV names 229100384Speter 230100384SpeterChanges in release 0.2q: 231100384Speter 232122253Speter * bug fix in tcp-handling in kdc 233100384Speter 234100384Speter * bug fix in expand_hostname 235100384Speter 236107849SalfredChanges in release 0.2p: 237100384Speter 238107849Salfred * bug fix in `kadmin load/merge' 239100384Speter 240107849Salfred * bug fix in krb5_parse_address 241100384Speter 242100384SpeterChanges in release 0.2o: 243100384Speter 244100384Speter * gss_{import,export}_sec_context added to libgssapi 245100384Speter 246100384Speter * new option --addresses to kdc (for listening on an explicit set of 247100384Speter addresses) 248107849Salfred 249107849Salfred * bug fixes in the krb4 and kaserver emulation part of the kdc 250100384Speter 251100384Speter * other bug fixes 252100384Speter 253100384SpeterChanges in release 0.2n: 254122253Speter 255122253Speter * more robust parsing of dump files in kadmin 256122253Speter * changed default timestamp format for log messages to extended ISO 257122253Speter 8601 format (Y-M-DTH:M:S) 258100384Speter * changed md4/md5/sha1 APIes to be de-facto `standard' 259100384Speter * always make hostname into lower-case before creating principal 260107849Salfred * small bits of more MIT-compatability 261100384Speter * bug fixes 262107849Salfred 263100384SpeterChanges in release 0.2m: 264100384Speter 265100384Speter * handle glibc's getaddrinfo() that returns several ai_canonname 266100384Speter 267100384Speter * new endian test 268100384Speter 269100384Speter * man pages fixes 270107849Salfred 271107849SalfredChanges in release 0.2l: 272100384Speter 273100384Speter * bug fixes 274100384Speter 275100384SpeterChanges in release 0.2k: 276122253Speter 277122253Speter * better IPv6 test 278122253Speter 279122253Speter * make struct sockaddr_storage in roken work better on alphas 280100384Speter 281100384Speter * some missing [hn]to[hn]s fixed. 282100384Speter 283100384Speter * allow users to change their own passwords with kadmin (with initial 284100384Speter tickets) 285100384Speter 286114987Speter * fix stupid bug in parsing KDC specification 287100384Speter 288119333Speter * add `ktutil change' and `ktutil purge' 289119333Speter 290100384SpeterChanges in release 0.2j: 291100384Speter 292100384Speter * builds on Irix 293100384Speter 294100384Speter * ftpd works in passive mode 295100384Speter 296100384Speter * should build on cygwin 297100384Speter 298100384Speter * work around broken IPv6-code on OpenBSD 2.6, also add configure 299100384Speter option --disable-ipv6 300100384Speter 301100384SpeterChanges in release 0.2i: 302100384Speter 303100384Speter * use getaddrinfo in the missing places. 304100384Speter 305100384Speter * fix SRV lookup for admin server 306100384Speter 307100384Speter * use get{addr,name}info everywhere. and implement it in terms of 308100384Speter getipnodeby{name,addr} (which uses gethostbyname{,2} and 309100384Speter gethostbyaddr) 310100384Speter 311100384SpeterChanges in release 0.2h: 312100384Speter 313100384Speter * fix typo in kx (now compiles) 314100384Speter 315100384SpeterChanges in release 0.2g: 316100384Speter 317100384Speter * lots of bug fixes: 318100384Speter * push works 319100384Speter * repair appl/test programs 320107849Salfred * sockaddr_storage works on solaris (alignment issues) 321107849Salfred * works better with non-roken getaddrinfo 322107849Salfred * rsh works 323107849Salfred * some non standard C constructs removed 324100384Speter 325100384SpeterChanges in release 0.2f: 326100384Speter 327100384Speter * support SRV records for kpasswd 328100384Speter * look for both _kerberos and krb5-realm when doing host -> realm mapping 329100384Speter 330100384SpeterChanges in release 0.2e: 331100384Speter 332100384Speter * changed copyright notices to remove `advertising'-clause. 333114987Speter * get{addr,name}info added to roken and used in the other code 334100384Speter (this makes things work much better with hosts with both v4 and v6 335100384Speter addresses, among other things) 336119333Speter * do pre-auth for both password and key-based get_in_tkt 337100384Speter * support for having several databases 338100384Speter * new command `del_enctype' in kadmin 339107849Salfred * strptime (and new strftime) add to roken 340107849Salfred * more paranoia about finding libdb 341107849Salfred * bug fixes 342107849Salfred 343107849SalfredChanges in release 0.2d: 344107849Salfred 345107849Salfred * new configuration option [libdefaults]default_etypes_des 346114987Speter * internal ls in ftpd builds without KRB4 347100384Speter * kx/rsh/push/pop_debug tries v5 and v4 consistenly 348100384Speter * build bug fixes 349100384Speter * other bug fixes 350100384Speter 351100384SpeterChanges in release 0.2c: 352100384Speter 353100384Speter * bug fixes (see ChangeLog's for details) 354100384Speter 355100384SpeterChanges in release 0.2b: 356100384Speter 357100384Speter * bug fixes 358100384Speter * actually bump shared library versions 359100384Speter 360119333SpeterChanges in release 0.2a: 361119333Speter 362119333Speter * a new program verify_krb5_conf for checking your /etc/krb5.conf 363100384Speter * add 3DES keys when changing password 364100384Speter * support null keys in database 365100384Speter * support multiple local realms 366100384Speter * implement a keytab backend for AFS KeyFile's 367100384Speter * implement a keytab backend for v4 srvtabs 368100384Speter * implement `ktutil copy' 369119333Speter * support password quality control in v4 kadmind 370100384Speter * improvements in v4 compat kadmind 371100384Speter * handle the case of having the correct cred in the ccache but with 372100384Speter the wrong encryption type better 373100384Speter * v6-ify the remaining programs. 374100384Speter * internal ls in ftpd 375100384Speter * rename strcpy_truncate/strcat_truncate to strlcpy/strlcat 376100384Speter * add `ank --random-password' and `cpw --random-password' in kadmin 377100384Speter * some programs and documentation for trying to talk to a W2K KDC 378100384Speter * bug fixes 379100384Speter 380100384SpeterChanges in release 0.1m: 381100384Speter 382100384Speter * support for getting default from krb5.conf for kinit/kf/rsh/telnet. 383100384Speter From Miroslav Ruda <ruda@ics.muni.cz> 384100384Speter * v6-ify hprop and hpropd 385100384Speter * support numeric addresses in krb5_mk_req 386100384Speter * shadow support in login and su. From Miroslav Ruda <ruda@ics.muni.cz> 387100384Speter * make rsh/rshd IPv6-aware 388100384Speter * make the gssapi sample applications better at reporting errors 389100384Speter * lots of bug fixes 390100384Speter * handle systems with v6-aware libc and non-v6 kernels (like Linux 391100384Speter with glibc 2.1) better 392100384Speter * hide failure of ERPT in ftp 393100384Speter * lots of bug fixes 394100384Speter 395100384SpeterChanges in release 0.1l: 396107849Salfred 397107849Salfred * make ftp and ftpd IPv6-aware 398107849Salfred * add inet_pton to roken 399107849Salfred * more IPv6-awareness 400100384Speter * make mini_inetd v6 aware 401100384Speter 402100384SpeterChanges in release 0.1k: 403100384Speter 404100384Speter * bump shared libraries versions 405100384Speter * add roken version of inet_ntop 406100384Speter * merge more changes to rshd 407100384Speter 408100384SpeterChanges in release 0.1j: 409100384Speter 410100384Speter * restore back to the `old' 3DES code. This was supposed to be done 411100384Speter in 0.1h and 0.1i but I did a CVS screw-up. 412100384Speter * make telnetd handle v6 connections 413100384Speter 414100384SpeterChanges in release 0.1i: 415100384Speter 416100384Speter * start using `struct sockaddr_storage' which simplifies the code 417100384Speter (with a fallback definition if it's not defined) 418114987Speter * bug fixes (including in hprop and kf) 419100384Speter * don't use mawk which seems to mishandle roken.awk 420107849Salfred * get_addrs should be able to handle v6 addresses on Linux (with the 421107849Salfred required patch to the Linux kernel -- ask within) 422107849Salfred * rshd builds with shadow passwords 423107849Salfred 424107849SalfredChanges in release 0.1h: 425107849Salfred 426100384Speter * kf: new program for forwarding credentials 427100384Speter * portability fixes 428100384Speter * make forwarding credentials work with MIT code 429100384Speter * better conversion of ka database 430100384Speter * add etc/services.append 431100384Speter * correct `modified by' from kpasswdd 432100384Speter * lots of bug fixes 433100384Speter 434100384SpeterChanges in release 0.1g: 435121719Speter 436121719Speter * kgetcred: new program for explicitly obtaining tickets 437100384Speter * configure fixes 438119333Speter * krb5-aware kx 439100384Speter * bug fixes 440100384Speter 441100384SpeterChanges in release 0.1f; 442100384Speter 443100384Speter * experimental support for v4 kadmin protokoll in kadmind 444100384Speter * bug fixes 445107849Salfred 446100384SpeterChanges in release 0.1e: 447100384Speter 448100384Speter * try to handle old DCE and MIT kdcs 449107849Salfred * support for older versions of credential cache files and keytabs 450100384Speter * postdated tickets work 451100384Speter * support for password quality checks in kpasswdd 452100384Speter * new flag --enable-kaserver for kdc 453100384Speter * renew fixes 454100384Speter * prototype su program 455100384Speter * updated (some) manpages 456100384Speter * support for KDC resource records 457100384Speter * should build with --without-krb4 458100384Speter * bug fixes 459107849Salfred 460100384SpeterChanges in release 0.1d: 461100384Speter 462100384Speter * Support building with DB2 (uses 1.85-compat API) 463107849Salfred * Support krb5-realm.DOMAIN in DNS 464100384Speter * new `ktutil srvcreate' 465100384Speter * v4/kafs support in klist/kdestroy 466100384Speter * bug fixes 467100384Speter 468100384SpeterChanges in release 0.1c: 469100384Speter 470100384Speter * fix ASN.1 encoding of signed integers 471100384Speter * somewhat working `ktutil get' 472100384Speter * some documentation updates 473100384Speter * update to Autoconf 2.13 and Automake 1.4 474100384Speter * the usual bug fixes 475100384Speter 476100384SpeterChanges in release 0.1b: 477100384Speter 478100384Speter * some old -> new crypto conversion utils 479100384Speter * bug fixes 480125171Speter 481125171SpeterChanges in release 0.1a: 482125171Speter 483125171Speter * new crypto code 484125171Speter * more bug fixes 485125171Speter * make sure we ask for DES keys in gssapi 486125171Speter * support signed ints in ASN1 487125171Speter * IPv6-bug fixes 488125171Speter 489125171SpeterChanges in release 0.0u: 490125171Speter 491125171Speter * lots of bug fixes 492125171Speter 493125171SpeterChanges in release 0.0t: 494125171Speter 495125171Speter * more robust parsing of krb5.conf 496125171Speter * include net{read,write} in lib/roken 497125171Speter * bug fixes 498125171Speter 499125171SpeterChanges in release 0.0s: 500125171Speter 501125171Speter * kludges for parsing options to rsh 502125171Speter * more robust parsing of krb5.conf 503125171Speter * removed some arbitrary limits 504125171Speter * bug fixes 505125171Speter 506125171SpeterChanges in release 0.0r: 507125171Speter 508119333Speter * default options for some programs 509100384Speter * bug fixes 510100384Speter 511100384SpeterChanges in release 0.0q: 512100384Speter 513100384Speter * support for building shared libraries with libtool 514100384Speter * bug fixes 515107849Salfred 516100384SpeterChanges in release 0.0p: 517100384Speter 518100384Speter * keytab moved to /etc/krb5.keytab 519107849Salfred * avoid false detection of IPv6 on Linux 520100384Speter * Lots of more functionality in the gssapi-library 521100384Speter * hprop can now read ka-server databases 522100384Speter * bug fixes 523100384Speter 524100384SpeterChanges in release 0.0o: 525100384Speter 526100384Speter * FTP with GSSAPI support. 527100384Speter * Bug fixes. 528100384Speter 529100384SpeterChanges in release 0.0n: 530100384Speter 531100384Speter * Incremental database propagation. 532100384Speter * Somewhat improved kadmin ui; the stuff in admin is now removed. 533100384Speter * Some support for using enctypes instead of keytypes. 534100384Speter * Lots of other improvement and bug fixes, see ChangeLog for details. 535114987Speter