NEWS revision 233294 
1Release Notes - Heimdal - Version Heimdal 1.5
2
3New features
4
5 - Support GSS name extensions/attributes
6 - SHA512 support
7 - No Kerberos 4 support
8 - Basic support for MIT Admin protocol (SECGSS flavor)
9   in kadmind (extract keytab)
10 - Replace editline with libedit
11
12Release Notes - Heimdal - Version Heimdal 1.4
13
14 New features
15 
16 - Support for reading MIT database file directly
17 - KCM is polished up and now used in production
18 - NTLM first class citizen, credentials stored in KCM
19 - Table driven ASN.1 compiler, smaller!, not enabled by default
20 - Native Windows client support
21
22Notes
23
24 - Disabled write support NDBM hdb backend (read still in there) since
25   it can't handle large records, please migrate to a diffrent backend
26   (like BDB4)
27
28Release Notes - Heimdal - Version Heimdal 1.3.3
29
30 Bug fixes
31 - Check the GSS-API checksum exists before trying to use it [CVE-2010-1321]
32 - Check NULL pointers before dereference them [kdc]
33
34Release Notes - Heimdal - Version Heimdal 1.3.2
35
36 Bug fixes
37
38 - Don't mix length when clearing hmac (could memset too much)
39 - More paranoid underrun checking when decrypting packets
40 - Check the password change requests and refuse to answer empty packets
41 - Build on OpenSolaris 
42 - Renumber AD-SIGNED-TICKET since it was stolen from US
43 - Don't cache /dev/*random file descriptor, it doesn't get unloaded
44 - Make C++ safe
45 - Misc warnings
46
47Release Notes - Heimdal - Version Heimdal 1.3.1
48
49 Bug fixes
50
51 - Store KDC offset in credentials
52 - Many many more bug fixes
53
54Release Notes - Heimdal - Version Heimdal 1.3.1
55
56 New features
57
58 - Make work with OpenLDAPs krb5 overlay
59
60Release Notes - Heimdal - Version Heimdal 1.3
61
62 New features
63
64 - Partial support for MIT kadmind rpc protocol in kadmind
65 - Better support for finding keytab entries when using SPN aliases in the KDC
66 - Support BER in ASN.1 library (needed for CMS)
67 - Support decryption in Keychain private keys
68 - Support for new sqlite based credential cache
69 - Try both KDC referals and the common DNS reverse lookup in GSS-API
70 - Fix the KCM to not leak resources on failure
71 - Add IPv6 support to iprop
72 - Support localization of error strings in
73   kinit/klist/kdestroy and Kerberos library
74 - Remove Kerberos 4 support in application (still in KDC)
75 - Deprecate DES
76 - Support i18n password in windows domains (using UTF-8)
77 - More complete API emulation of OpenSSL in hcrypto
78 - Support for ECDSA and ECDH when linking with OpenSSL
79
80 API changes
81
82 - Support for settin friendly name on credential caches
83 - Move to using doxygen to generate documentation.
84 - Sprinkling __attribute__((depricated)) for old function to be removed
85 - Support to export LAST-REQUST information in AS-REQ
86 - Support for client deferrals in in AS-REQ
87 - Add seek support for krb5_storage.
88 - Support for split AS-REQ, first step for IA-KERB
89 - Fix many memory leaks and bugs
90 - Improved regression test
91 - Support krb5_cccol
92 - Switch to krb5_set_error_message
93 - Support krb5_crypto_*_iov	
94 - Switch to use EVP for most function
95 - Use SOCK_CLOEXEC and O_CLOEXEC (close on exec)
96 - Add support for GSS_C_DELEG_POLICY_FLAG
97 - Add krb5_cc_[gs]et_config to store data in the credential caches
98 - PTY testing application
99
100Bugfixes
101 - Make building on AIX6 possible.
102 - Bugfixes in LDAP KDC code to make it more stable
103 - Make ipropd-slave reconnect when master down gown
104
105
106Release Notes - Heimdal - Version Heimdal 1.2.1
107
108* Bug
109
110  [HEIMDAL-147] - Heimdal 1.2 not compiling on Solaris
111  [HEIMDAL-151] - Make canned tests work again after cert expired
112  [HEIMDAL-152] - iprop test: use full hostname to avoid realm
113                  resolving errors
114  [HEIMDAL-153] - ftp: Use the correct length for unmap, msync
115
116Release Notes - Heimdal - Version Heimdal 1.2
117
118* Bug
119
120  [HEIMDAL-10] - Follow-up on bug report for SEGFAULT in
121  		 gss_display_name/gss_export_name when using SPNEGO
122  [HEIMDAL-15] - Re: [Heimdal-bugs] potential bug in Heimdal 1.1
123  [HEIMDAL-17] - Remove support for depricated [libdefaults]capath
124  [HEIMDAL-52] - hdb overwrite aliases for db databases
125  [HEIMDAL-54] - Two issues which affect credentials delegation
126  [HEIMDAL-58] - sockbuf.c calls setsockopt with bad args
127  [HEIMDAL-62] - Fix printing of sig_atomic_t
128  [HEIMDAL-87] - heimdal 1.1 not building under cygwin in hcrypto
129  [HEIMDAL-105] - rcp: sync rcp with upstream bsd rcp codebase
130  [HEIMDAL-117] - Use libtool to detect symbol versioning (Debian Bug#453241)
131
132* Improvement
133  [HEIMDAL-67] - Fix locking and store credential in atomic writes
134                 in the FILE credential cache
135  [HEIMDAL-106] - make compile on cygwin again
136  [HEIMDAL-107] - Replace old random key generation in des module
137                  and use it with RAND_ function instead
138  [HEIMDAL-115] - Better documentation and compatibility in hcrypto
139                  in regards to OpenSSL
140
141* New Feature
142  [HEIMDAL-3] - pkinit alg agility PRF test vectors
143  [HEIMDAL-14] - Add libwind to Heimdal
144  [HEIMDAL-16] - Use libwind in hx509
145  [HEIMDAL-55] - Add flag to krb5 to not add GSS-API INT|CONF to
146                 the negotiation
147  [HEIMDAL-74] - Add support to report extended error message back
148                 in AS-REQ to support windows clients
149  [HEIMDAL-116] - test pty based application (using rkpty)
150  [HEIMDAL-120] - Use new OpenLDAP API (older deprecated)
151
152* Task
153  [HEIMDAL-63] - Dont try key usage KRB5_KU_AP_REQ_AUTH for TGS-REQ.
154                 This drop compatibility with pre 0.3d KDCs.
155  [HEIMDAL-64] - kcm: first implementation of kcm-move-cache
156  [HEIMDAL-65] - Failed to compile with --disable-pk-init
157  [HEIMDAL-80] - verify that [VU#162289]: gcc silently discards some
158                 wraparound checks doesn't apply to Heimdal
159
160Changes in release 1.1
161
162 * Read-only PKCS11 provider built-in to hx509.
163
164 * Documentation for hx509, hcrypto and ntlm libraries improved.
165
166 * Better compatibilty with Windows 2008 Server pre-releases and Vista.
167
168 * Mac OS X 10.5 support for native credential cache.
169
170 * Provide pkg-config file for Heimdal (heimdal-gssapi.pc).
171
172 * Bug fixes.
173
174Changes in release 1.0.2
175
176* Ubuntu packages.
177
178* Bug fixes.
179
180Changes in release 1.0.1
181
182 * Serveral bug fixes to iprop.
183
184 * Make work on platforms without dlopen.
185
186 * Add RFC3526 modp group14 as default.
187
188 * Handle [kdc] database = { } entries without realm = stanzas.
189
190 * Make krb5_get_renewed_creds work.
191
192 * Make kaserver preauth work again.
193
194 * Bug fixes.
195
196Changes in release 1.0
197
198 * Add gss_pseudo_random() for mechglue and krb5.
199
200 * Make session key for the krbtgt be selected by the best encryption
201   type of the client.
202
203 * Better interoperability with other PK-INIT implementations.
204
205 * Inital support for Mac OS X Keychain for hx509.
206
207 * Alias support for inital ticket requests.
208
209 * Add symbol versioning to selected libraries on platforms that uses
210   GNU link editor: gssapi, hcrypto, heimntlm, hx509, krb5, and libkdc.
211
212 * New version of imath included in hcrypto.
213
214 * Fix memory leaks.
215
216 * Bugs fixes.
217
218Changes in release 0.8.1
219
220 * Make ASN.1 library less paranoid to with regard to NUL in string to
221   make it inter-operate with MIT Kerberos again.
222
223 * Make GSS-API library work again when using gss_acquire_cred
224
225 * Add symbol versioning to libgssapi when using GNU ld.
226
227 * Fix memory leaks 
228
229 * Bugs fixes
230
231Changes in release 0.8
232
233 * PK-INIT support.
234
235 * HDB extensions support, used by PK-INIT.
236
237 * New ASN.1 compiler.
238
239 * GSS-API mechglue from FreeBSD.
240
241 * Updated SPNEGO to support RFC4178.
242
243 * Support for Cryptosystem Negotiation Extension (RFC 4537).
244
245 * A new X.509 library (hx509) and related crypto functions.
246
247 * A new ntlm library (heimntlm) and related crypto functions.
248
249 * Updated the built-in crypto library with bignum support using
250   imath, support for RSA and DH and renamed it to libhcrypto.
251
252 * Subsystem in the KDC, digest, that will perform the digest
253   operation in the KDC, currently supports: CHAP, MS-CHAP-V2, SASL
254   DIGEST-MD5 NTLMv1 and NTLMv2.
255
256 * KDC will return the "response too big" error to force TCP retries
257   for large (default 1400 bytes) UDP replies.  This is common for
258   PK-INIT requests.
259
260 * Libkafs defaults to use 2b tokens.
261
262 * Default to use the API cache on Mac OS X.
263
264 * krb5_kuserok() also checks ~/.k5login.d directory for acl files,
265   see manpage for krb5_kuserok for description.
266
267 * Many, many, other updates to code and info manual and manual pages.
268
269 * Bug fixes
270
271Changes in release 0.7.2
272
273* Fix security problem in rshd that enable an attacker to overwrite
274  and change ownership of any file that root could write.
275
276* Fix a DOS in telnetd. The attacker could force the server to crash
277  in a NULL de-reference before the user logged in, resulting in inetd
278  turning telnetd off because it forked too fast.
279
280* Make gss_acquire_cred(GSS_C_ACCEPT) check that the requested name
281  exists in the keytab before returning success. This allows servers
282  to check if its even possible to use GSSAPI.
283
284* Fix receiving end of token delegation for GSS-API. It still wrongly
285  uses subkey for sending for compatibility reasons, this will change
286  in 0.8.
287
288* telnetd, login and rshd are now more verbose in logging failed and
289  successful logins.
290
291* Bug fixes
292
293Changes in release 0.7.1
294
295* Bug fixes
296
297Changes in release 0.7
298
299 * Support for KCM, a process based credential cache
300
301 * Support CCAPI credential cache
302
303 * SPNEGO support
304
305 * AES (and the gssapi conterpart, CFX) support
306
307 * Adding new and improve old documentation
308
309 * Bug fixes
310
311Changes in release 0.6.6
312
313* Fix security problem in rshd that enable an attacker to overwrite
314  and change ownership of any file that root could write.
315
316* Fix a DOS in telnetd. The attacker could force the server to crash
317  in a NULL de-reference before the user logged in, resulting in inetd
318  turning telnetd off because it forked too fast.
319
320Changes in release 0.6.5
321
322 * fix vulnerabilities in telnetd
323
324 * unbreak Kerberos 4 and kaserver
325
326Changes in release 0.6.4
327
328 * fix vulnerabilities in telnet
329
330 * rshd: encryption without a separate error socket should now work
331
332 * telnet now uses appdefaults for the encrypt and forward/forwardable
333   settings
334
335 * bug fixes
336
337Changes in release 0.6.3
338
339 * fix vulnerabilities in ftpd
340
341 * support for linux AFS /proc "syscalls"
342
343 * support for RFC3244 (Windows 2000 Kerberos Change/Set Password) in
344   kpasswdd
345
346 * fix possible KDC denial of service
347
348 * bug fixes
349
350Changes in release 0.6.2
351
352 * Fix possible buffer overrun in v4 kadmin (which now defaults to off)
353
354Changes in release 0.6.1
355
356 * Fixed ARCFOUR suppport
357
358 * Cross realm vulnerability
359
360 * kdc: fix denial of service attack
361
362 * kdc: stop clients from renewing tickets into the future
363
364 * bug fixes
365	
366Changes in release 0.6
367
368* The DES3 GSS-API mechanism has been changed to inter-operate with
369  other GSSAPI implementations. See man page for gssapi(3) how to turn
370  on generation of correct MIC messages. Next major release of heimdal 
371  will generate correct MIC by default.
372
373* More complete GSS-API support
374
375* Better AFS support: kdc (524) supports 2b; 524 in kdc and AFS
376  support in applications no longer requires Kerberos 4 libs
377
378* Kerberos 4 support in kdc defaults to turned off (includes ka and 524)
379
380* other bug fixes
381
382Changes in release 0.5.2
383
384 * kdc: add option for disabling v4 cross-realm (defaults to off)
385
386 * bug fixes
387
388Changes in release 0.5.1
389
390 * kadmind: fix remote exploit
391
392 * kadmind: add option to disable kerberos 4
393
394 * kdc: make sure kaserver token life is positive
395
396 * telnet: use the session key if there is no subkey
397
398 * fix EPSV parsing in ftp
399
400 * other bug fixes
401
402Changes in release 0.5
403
404 * add --detach option to kdc
405
406 * allow setting forward and forwardable option in telnet from
407   .telnetrc, with override from command line
408
409 * accept addresses with or without ports in krb5_rd_cred
410
411 * make it work with modern openssl
412
413 * use our own string2key function even with openssl (that handles weak
414   keys incorrectly)
415
416 * more system-specific requirements in login
417
418 * do not use getlogin() to determine root in su
419
420 * telnet: abort if telnetd does not support encryption
421
422 * update autoconf to 2.53
423
424 * update config.guess, config.sub
425
426 * other bug fixes
427
428Changes in release 0.4e
429
430 * improve libcrypto and database autoconf tests
431
432 * do not care about salting of server principals when serving v4 requests
433
434 * some improvements to gssapi library
435
436 * test for existing compile_et/libcom_err
437
438 * portability fixes
439
440 * bug fixes
441
442Changes in release 0.4d
443
444 * fix some problems when using libcrypto from openssl
445
446 * handle /dev/ptmx `unix98' ptys on Linux
447
448 * add some forgotten man pages
449
450 * rsh: clean-up and add man page
451
452 * fix -A and -a in builtin-ls in tpd
453
454 * fix building problem on Irix
455
456 * make `ktutil get' more efficient
457
458 * bug fixes
459
460Changes in release 0.4c
461
462 * fix buffer overrun in telnetd
463
464 * repair some of the v4 fallback code in kinit
465
466 * add more shared library dependencies
467
468 * simplify and fix hprop handling of v4 databases
469
470 * fix some building problems (osf's sia and osfc2 login)
471
472 * bug fixes
473
474Changes in release 0.4b
475
476 * update the shared library version numbers correctly
477
478Changes in release 0.4a
479
480 * corrected key used for checksum in mk_safe, unfortunately this
481   makes it backwards incompatible
482
483 * update to autoconf 2.50, libtool 1.4
484
485 * re-write dns/config lookups (krb5_krbhst API)
486
487 * make order of using subkeys consistent
488
489 * add man page links
490
491 * add more man pages
492
493 * remove rfc2052 support, now only rfc2782 is supported
494
495 * always build with kaserver protocol support in the KDC (assuming
496   KRB4 is enabled) and support for reading kaserver databases in
497   hprop
498
499Changes in release 0.3f
500
501 * change default keytab to ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab,
502   the new keytab type that tries both of these in order (SRVTAB is
503   also an alias for krb4:)
504
505 * improve error reporting and error handling (error messages should
506   be more detailed and more useful)
507
508 * improve building with openssl
509
510 * add kadmin -K, rcp -F 
511
512 * fix two incorrect weak DES keys
513
514 * fix building of kaserver compat in KDC
515
516 * the API is closer to what MIT krb5 is using
517
518 * more compatible with windows 2000
519
520 * removed some memory leaks
521
522 * bug fixes
523
524Changes in release 0.3e
525
526 * rcp program included
527
528 * fix buffer overrun in ftpd
529
530 * handle omitted sequence numbers as zeroes to handle MIT krb5 that
531   cannot generate zero sequence numbers
532
533 * handle v4 /.k files better
534
535 * configure/portability fixes
536
537 * fixes in parsing of options to kadmin (sub-)commands
538
539 * handle errors in kadmin load better
540
541 * bug fixes
542
543Changes in release 0.3d
544
545 * add krb5-config
546
547 * fix a bug in 3des gss-api mechanism, making it compatible with the
548   specification and the MIT implementation
549
550 * make telnetd only allow a specific list of environment variables to
551   stop it from setting `sensitive' variables
552
553 * try to use an existing libdes
554
555 * lib/krb5, kdc: use correct usage type for ap-req messages.  This
556   should improve compatability with MIT krb5 when using 3DES
557   encryption types
558
559 * kdc: fix memory allocation problem
560
561 * update config.guess and config.sub
562
563 * lib/roken: more stuff implemented
564
565 * bug fixes and portability enhancements
566
567Changes in release 0.3c
568
569 * lib/krb5: memory caches now support the resolve operation
570
571 * appl/login: set PATH to some sane default
572
573 * kadmind: handle several realms
574
575 * bug fixes (including memory leaks)
576
577Changes in release 0.3b
578
579 * kdc: prefer default-salted keys on v5 requests
580
581 * kdc: lowercase hostnames in v4 mode
582
583 * hprop: handle more types of MIT salts
584
585 * lib/krb5: fix memory leak
586
587 * bug fixes
588
589Changes in release 0.3a:
590
591 * implement arcfour-hmac-md5 to interoperate with W2K
592
593 * modularise the handling of the master key, and allow for other
594   encryption types. This makes it easier to import a database from
595   some other source without having to re-encrypt all keys.
596
597 * allow for better control over which encryption types are created
598
599 * make kinit fallback to v4 if given a v4 KDC
600
601 * make klist work better with v4 and v5, and add some more MIT
602   compatibility options
603
604 * make the kdc listen on the krb524 (4444) port for compatibility
605   with MIT krb5 clients
606
607 * implement more DCE/DFS support, enabled with --enable-dce, see
608   lib/kdfs and appl/dceutils
609
610 * make the sequence numbers work correctly
611
612 * bug fixes
613
614Changes in release 0.2t:
615
616 * bug fixes
617
618Changes in release 0.2s:
619
620 * add OpenLDAP support in hdb
621
622 * login will get v4 tickets when it receives forwarded tickets
623
624 * xnlock supports both v5 and v4
625
626 * repair source routing for telnet
627
628 * fix building problems with krb4 (krb_mk_req)
629
630 * bug fixes
631
632Changes in release 0.2r:
633
634 * fix realloc memory corruption bug in kdc
635
636 * `add --key' and `cpw --key' in kadmin
637
638 * klist supports listing v4 tickets
639
640 * update config.guess and config.sub
641
642 * make v4 -> v5 principal name conversion more robust
643
644 * support for anonymous tickets
645
646 * new man-pages
647
648 * telnetd: do not negotiate KERBEROS5 authentication if there's no keytab.
649
650 * use and set expiration and not password expiration when dumping
651   to/from ka server databases / krb4 databases
652
653 * make the code happier with 64-bit time_t
654
655 * follow RFC2782 and by default do not look for non-underscore SRV names
656
657Changes in release 0.2q:
658
659 * bug fix in tcp-handling in kdc
660
661 * bug fix in expand_hostname
662
663Changes in release 0.2p:
664
665 * bug fix in `kadmin load/merge'
666
667 * bug fix in krb5_parse_address
668
669Changes in release 0.2o:
670
671 * gss_{import,export}_sec_context added to libgssapi
672
673 * new option --addresses to kdc (for listening on an explicit set of
674   addresses)
675
676 * bug fixes in the krb4 and kaserver emulation part of the kdc
677
678 * other bug fixes
679
680Changes in release 0.2n:
681
682 * more robust parsing of dump files in kadmin
683 * changed default timestamp format for log messages to extended ISO
684   8601 format (Y-M-DTH:M:S)
685 * changed md4/md5/sha1 APIes to be de-facto `standard'
686 * always make hostname into lower-case before creating principal
687 * small bits of more MIT-compatability
688 * bug fixes
689
690Changes in release 0.2m:
691
692 * handle glibc's getaddrinfo() that returns several ai_canonname
693
694 * new endian test
695
696 * man pages fixes
697
698Changes in release 0.2l:
699
700 * bug fixes
701
702Changes in release 0.2k:
703
704 * better IPv6 test
705
706 * make struct sockaddr_storage in roken work better on alphas
707
708 * some missing [hn]to[hn]s fixed.
709
710 * allow users to change their own passwords with kadmin (with initial
711   tickets)
712
713 * fix stupid bug in parsing KDC specification
714
715 * add `ktutil change' and `ktutil purge'
716
717Changes in release 0.2j:
718
719 * builds on Irix
720
721 * ftpd works in passive mode
722
723 * should build on cygwin
724
725 * work around broken IPv6-code on OpenBSD 2.6, also add configure
726   option --disable-ipv6
727
728Changes in release 0.2i:
729
730 * use getaddrinfo in the missing places.
731
732 * fix SRV lookup for admin server
733
734 * use get{addr,name}info everywhere.  and implement it in terms of
735   getipnodeby{name,addr} (which uses gethostbyname{,2} and
736   gethostbyaddr)
737
738Changes in release 0.2h:
739
740 * fix typo in kx (now compiles)
741
742Changes in release 0.2g:
743
744 * lots of bug fixes:
745   * push works
746   * repair appl/test programs
747   * sockaddr_storage works on solaris (alignment issues)
748   * works better with non-roken getaddrinfo
749   * rsh works
750   * some non standard C constructs removed
751
752Changes in release 0.2f:
753
754 * support SRV records for kpasswd
755 * look for both _kerberos and krb5-realm when doing host -> realm mapping
756
757Changes in release 0.2e:
758
759 * changed copyright notices to remove `advertising'-clause.
760 * get{addr,name}info added to roken and used in the other code
761   (this makes things work much better with hosts with both v4 and v6
762    addresses, among other things)
763 * do pre-auth for both password and key-based get_in_tkt
764 * support for having several databases
765 * new command `del_enctype' in kadmin
766 * strptime (and new strftime) add to roken
767 * more paranoia about finding libdb
768 * bug fixes
769
770Changes in release 0.2d:
771
772 * new configuration option [libdefaults]default_etypes_des
773 * internal ls in ftpd builds without KRB4
774 * kx/rsh/push/pop_debug tries v5 and v4 consistenly
775 * build bug fixes
776 * other bug fixes
777
778Changes in release 0.2c:
779
780 * bug fixes (see ChangeLog's for details)
781
782Changes in release 0.2b:
783
784 * bug fixes
785 * actually bump shared library versions
786
787Changes in release 0.2a:
788
789 * a new program verify_krb5_conf for checking your /etc/krb5.conf
790 * add 3DES keys when changing password
791 * support null keys in database
792 * support multiple local realms
793 * implement a keytab backend for AFS KeyFile's
794 * implement a keytab backend for v4 srvtabs
795 * implement `ktutil copy'
796 * support password quality control in v4 kadmind
797 * improvements in v4 compat kadmind
798 * handle the case of having the correct cred in the ccache but with
799   the wrong encryption type better
800 * v6-ify the remaining programs.
801 * internal ls in ftpd
802 * rename strcpy_truncate/strcat_truncate to strlcpy/strlcat
803 * add `ank --random-password' and `cpw --random-password' in kadmin
804 * some programs and documentation for trying to talk to a W2K KDC
805 * bug fixes
806
807Changes in release 0.1m:
808
809 * support for getting default from krb5.conf for kinit/kf/rsh/telnet.
810   From Miroslav Ruda <ruda@ics.muni.cz>
811 * v6-ify hprop and hpropd
812 * support numeric addresses in krb5_mk_req
813 * shadow support in login and su. From Miroslav Ruda <ruda@ics.muni.cz>
814 * make rsh/rshd IPv6-aware
815 * make the gssapi sample applications better at reporting errors
816 * lots of bug fixes
817 * handle systems with v6-aware libc and non-v6 kernels (like Linux
818   with glibc 2.1) better
819 * hide failure of ERPT in ftp
820 * lots of bug fixes
821
822Changes in release 0.1l:
823
824 * make ftp and ftpd IPv6-aware
825 * add inet_pton to roken
826 * more IPv6-awareness
827 * make mini_inetd v6 aware
828
829Changes in release 0.1k:
830
831 * bump shared libraries versions
832 * add roken version of inet_ntop
833 * merge more changes to rshd
834
835Changes in release 0.1j:
836
837 * restore back to the `old' 3DES code.  This was supposed to be done
838   in 0.1h and 0.1i but I did a CVS screw-up.
839 * make telnetd handle v6 connections
840
841Changes in release 0.1i:
842
843 * start using `struct sockaddr_storage' which simplifies the code
844   (with a fallback definition if it's not defined)
845 * bug fixes (including in hprop and kf)
846 * don't use mawk which seems to mishandle roken.awk
847 * get_addrs should be able to handle v6 addresses on Linux (with the
848   required patch to the Linux kernel -- ask within)
849 * rshd builds with shadow passwords
850
851Changes in release 0.1h:
852
853 * kf: new program for forwarding credentials
854 * portability fixes
855 * make forwarding credentials work with MIT code
856 * better conversion of ka database
857 * add etc/services.append
858 * correct `modified by' from kpasswdd
859 * lots of bug fixes
860
861Changes in release 0.1g:
862
863 * kgetcred: new program for explicitly obtaining tickets
864 * configure fixes
865 * krb5-aware kx
866 * bug fixes
867
868Changes in release 0.1f;
869
870 * experimental support for v4 kadmin protokoll in kadmind
871 * bug fixes
872
873Changes in release 0.1e:
874
875 * try to handle old DCE and MIT kdcs
876 * support for older versions of credential cache files and keytabs
877 * postdated tickets work
878 * support for password quality checks in kpasswdd
879 * new flag --enable-kaserver for kdc
880 * renew fixes
881 * prototype su program
882 * updated (some) manpages
883 * support for KDC resource records
884 * should build with --without-krb4
885 * bug fixes
886
887Changes in release 0.1d:
888
889 * Support building with DB2 (uses 1.85-compat API)
890 * Support krb5-realm.DOMAIN in DNS
891 * new `ktutil srvcreate'
892 * v4/kafs support in klist/kdestroy
893 * bug fixes
894
895Changes in release 0.1c:
896
897 * fix ASN.1 encoding of signed integers
898 * somewhat working `ktutil get'
899 * some documentation updates
900 * update to Autoconf 2.13 and Automake 1.4
901 * the usual bug fixes
902
903Changes in release 0.1b:
904
905 * some old -> new crypto conversion utils
906 * bug fixes
907
908Changes in release 0.1a:
909
910 * new crypto code
911 * more bug fixes
912 * make sure we ask for DES keys in gssapi
913 * support signed ints in ASN1
914 * IPv6-bug fixes
915
916Changes in release 0.0u:
917
918 * lots of bug fixes
919
920Changes in release 0.0t:
921
922 * more robust parsing of krb5.conf
923 * include net{read,write} in lib/roken
924 * bug fixes
925
926Changes in release 0.0s:
927
928 * kludges for parsing options to rsh
929 * more robust parsing of krb5.conf
930 * removed some arbitrary limits
931 * bug fixes
932
933Changes in release 0.0r:
934
935 * default options for some programs
936 * bug fixes
937
938Changes in release 0.0q:
939
940 * support for building shared libraries with libtool
941 * bug fixes
942
943Changes in release 0.0p:
944
945 * keytab moved to /etc/krb5.keytab
946 * avoid false detection of IPv6 on Linux
947 * Lots of more functionality in the gssapi-library
948 * hprop can now read ka-server databases
949 * bug fixes
950
951Changes in release 0.0o:
952
953 * FTP with GSSAPI support.
954 * Bug fixes.
955
956Changes in release 0.0n:
957
958 * Incremental database propagation.
959 * Somewhat improved kadmin ui; the stuff in admin is now removed.
960 * Some support for using enctypes instead of keytypes.
961 * Lots of other improvement and bug fixes, see ChangeLog for details.
962