NEWS revision 72445 
1Changes in release 0.3e
2
3 * rcp program included
4
5 * fix buffer overrun in ftpd
6
7 * handle omitted sequence numbers as zeroes to handle MIT krb5 that
8   cannot generate zero sequence numbers
9
10 * handle v4 /.k files better
11
12 * configure/portability fixes
13
14 * fixes in parsing of options to kadmin (sub-)commands
15
16 * handle errors in kadmin load better
17
18 * bug fixes
19
20Changes in release 0.3d
21
22 * add krb5-config
23
24 * fix a bug in 3des gss-api mechanism, making it compatible with the
25   specification and the MIT implementation
26
27 * make telnetd only allow a specific list of environment variables to
28   stop it from setting `sensitive' variables
29
30 * try to use an existing libdes
31
32 * lib/krb5, kdc: use correct usage type for ap-req messages.  This
33   should improve compatability with MIT krb5 when using 3DES
34   encryption types
35
36 * kdc: fix memory allocation problem
37
38 * update config.guess and config.sub
39
40 * lib/roken: more stuff implemented
41
42 * bug fixes and portability enhancements
43
44Changes in release 0.3c
45
46 * lib/krb5: memory caches now support the resolve operation
47
48 * appl/login: set PATH to some sane default
49
50 * kadmind: handle several realms
51
52 * bug fixes (including memory leaks)
53
54Changes in release 0.3b
55
56 * kdc: prefer default-salted keys on v5 requests
57
58 * kdc: lowercase hostnames in v4 mode
59
60 * hprop: handle more types of MIT salts
61
62 * lib/krb5: fix memory leak
63
64 * bug fixes
65
66Changes in release 0.3a:
67
68 * implement arcfour-hmac-md5 to interoperate with W2K
69
70 * modularise the handling of the master key, and allow for other
71   encryption types. This makes it easier to import a database from
72   some other source without having to re-encrypt all keys.
73
74 * allow for better control over which encryption types are created
75
76 * make kinit fallback to v4 if given a v4 KDC
77
78 * make klist work better with v4 and v5, and add some more MIT
79   compatibility options
80
81 * make the kdc listen on the krb524 (4444) port for compatibility
82   with MIT krb5 clients
83
84 * implement more DCE/DFS support, enabled with --enable-dce, see
85   lib/kdfs and appl/dceutils
86
87 * make the sequence numbers work correctly
88
89 * bug fixes
90
91Changes in release 0.2t:
92
93 * bug fixes
94
95Changes in release 0.2s:
96
97 * add OpenLDAP support in hdb
98
99 * login will get v4 tickets when it receives forwarded tickets
100
101 * xnlock supports both v5 and v4
102
103 * repair source routing for telnet
104
105 * fix building problems with krb4 (krb_mk_req)
106
107 * bug fixes
108
109Changes in release 0.2r:
110
111 * fix realloc memory corruption bug in kdc
112
113 * `add --key' and `cpw --key' in kadmin
114
115 * klist supports listing v4 tickets
116
117 * update config.guess and config.sub
118
119 * make v4 -> v5 principal name conversion more robust
120
121 * support for anonymous tickets
122
123 * new man-pages
124
125 * telnetd: do not negotiate KERBEROS5 authentication if there's no keytab.
126
127 * use and set expiration and not password expiration when dumping
128   to/from ka server databases / krb4 databases
129
130 * make the code happier with 64-bit time_t
131
132 * follow RFC2782 and by default do not look for non-underscore SRV names
133
134Changes in release 0.2q:
135
136 * bug fix in tcp-handling in kdc
137
138 * bug fix in expand_hostname
139
140Changes in release 0.2p:
141
142 * bug fix in `kadmin load/merge'
143
144 * bug fix in krb5_parse_address
145
146Changes in release 0.2o:
147
148 * gss_{import,export}_sec_context added to libgssapi
149
150 * new option --addresses to kdc (for listening on an explicit set of
151   addresses)
152
153 * bug fixes in the krb4 and kaserver emulation part of the kdc
154
155 * other bug fixes
156
157Changes in release 0.2n:
158
159 * more robust parsing of dump files in kadmin
160 * changed default timestamp format for log messages to extended ISO
161   8601 format (Y-M-DTH:M:S)
162 * changed md4/md5/sha1 APIes to be de-facto `standard'
163 * always make hostname into lower-case before creating principal
164 * small bits of more MIT-compatability
165 * bug fixes
166
167Changes in release 0.2m:
168
169 * handle glibc's getaddrinfo() that returns several ai_canonname
170
171 * new endian test
172
173 * man pages fixes
174
175Changes in release 0.2l:
176
177 * bug fixes
178
179Changes in release 0.2k:
180
181 * better IPv6 test
182
183 * make struct sockaddr_storage in roken work better on alphas
184
185 * some missing [hn]to[hn]s fixed.
186
187 * allow users to change their own passwords with kadmin (with initial
188   tickets)
189
190 * fix stupid bug in parsing KDC specification
191
192 * add `ktutil change' and `ktutil purge'
193
194Changes in release 0.2j:
195
196 * builds on Irix
197
198 * ftpd works in passive mode
199
200 * should build on cygwin
201
202 * work around broken IPv6-code on OpenBSD 2.6, also add configure
203   option --disable-ipv6
204
205Changes in release 0.2i:
206
207 * use getaddrinfo in the missing places.
208
209 * fix SRV lookup for admin server
210
211 * use get{addr,name}info everywhere.  and implement it in terms of
212   getipnodeby{name,addr} (which uses gethostbyname{,2} and
213   gethostbyaddr)
214
215Changes in release 0.2h:
216
217 * fix typo in kx (now compiles)
218
219Changes in release 0.2g:
220
221 * lots of bug fixes:
222   * push works
223   * repair appl/test programs
224   * sockaddr_storage works on solaris (alignment issues)
225   * works better with non-roken getaddrinfo
226   * rsh works
227   * some non standard C constructs removed
228
229Changes in release 0.2f:
230
231 * support SRV records for kpasswd
232 * look for both _kerberos and krb5-realm when doing host -> realm mapping
233
234Changes in release 0.2e:
235
236 * changed copyright notices to remove `advertising'-clause.
237 * get{addr,name}info added to roken and used in the other code
238   (this makes things work much better with hosts with both v4 and v6
239    addresses, among other things)
240 * do pre-auth for both password and key-based get_in_tkt
241 * support for having several databases
242 * new command `del_enctype' in kadmin
243 * strptime (and new strftime) add to roken
244 * more paranoia about finding libdb
245 * bug fixes
246
247Changes in release 0.2d:
248
249 * new configuration option [libdefaults]default_etypes_des
250 * internal ls in ftpd builds without KRB4
251 * kx/rsh/push/pop_debug tries v5 and v4 consistenly
252 * build bug fixes
253 * other bug fixes
254
255Changes in release 0.2c:
256
257 * bug fixes (see ChangeLog's for details)
258
259Changes in release 0.2b:
260
261 * bug fixes
262 * actually bump shared library versions
263
264Changes in release 0.2a:
265
266 * a new program verify_krb5_conf for checking your /etc/krb5.conf
267 * add 3DES keys when changing password
268 * support null keys in database
269 * support multiple local realms
270 * implement a keytab backend for AFS KeyFile's
271 * implement a keytab backend for v4 srvtabs
272 * implement `ktutil copy'
273 * support password quality control in v4 kadmind
274 * improvements in v4 compat kadmind
275 * handle the case of having the correct cred in the ccache but with
276   the wrong encryption type better
277 * v6-ify the remaining programs.
278 * internal ls in ftpd
279 * rename strcpy_truncate/strcat_truncate to strlcpy/strlcat
280 * add `ank --random-password' and `cpw --random-password' in kadmin
281 * some programs and documentation for trying to talk to a W2K KDC
282 * bug fixes
283
284Changes in release 0.1m:
285
286 * support for getting default from krb5.conf for kinit/kf/rsh/telnet.
287   From Miroslav Ruda <ruda@ics.muni.cz>
288 * v6-ify hprop and hpropd
289 * support numeric addresses in krb5_mk_req
290 * shadow support in login and su. From Miroslav Ruda <ruda@ics.muni.cz>
291 * make rsh/rshd IPv6-aware
292 * make the gssapi sample applications better at reporting errors
293 * lots of bug fixes
294 * handle systems with v6-aware libc and non-v6 kernels (like Linux
295   with glibc 2.1) better
296 * hide failure of ERPT in ftp
297 * lots of bug fixes
298
299Changes in release 0.1l:
300
301 * make ftp and ftpd IPv6-aware
302 * add inet_pton to roken
303 * more IPv6-awareness
304 * make mini_inetd v6 aware
305
306Changes in release 0.1k:
307
308 * bump shared libraries versions
309 * add roken version of inet_ntop
310 * merge more changes to rshd
311
312Changes in release 0.1j:
313
314 * restore back to the `old' 3DES code.  This was supposed to be done
315   in 0.1h and 0.1i but I did a CVS screw-up.
316 * make telnetd handle v6 connections
317
318Changes in release 0.1i:
319
320 * start using `struct sockaddr_storage' which simplifies the code
321   (with a fallback definition if it's not defined)
322 * bug fixes (including in hprop and kf)
323 * don't use mawk which seems to mishandle roken.awk
324 * get_addrs should be able to handle v6 addresses on Linux (with the
325   required patch to the Linux kernel -- ask within)
326 * rshd builds with shadow passwords
327
328Changes in release 0.1h:
329
330 * kf: new program for forwarding credentials
331 * portability fixes
332 * make forwarding credentials work with MIT code
333 * better conversion of ka database
334 * add etc/services.append
335 * correct `modified by' from kpasswdd
336 * lots of bug fixes
337
338Changes in release 0.1g:
339
340 * kgetcred: new program for explicitly obtaining tickets
341 * configure fixes
342 * krb5-aware kx
343 * bug fixes
344
345Changes in release 0.1f;
346
347 * experimental support for v4 kadmin protokoll in kadmind
348 * bug fixes
349
350Changes in release 0.1e:
351
352 * try to handle old DCE and MIT kdcs
353 * support for older versions of credential cache files and keytabs
354 * postdated tickets work
355 * support for password quality checks in kpasswdd
356 * new flag --enable-kaserver for kdc
357 * renew fixes
358 * prototype su program
359 * updated (some) manpages
360 * support for KDC resource records
361 * should build with --without-krb4
362 * bug fixes
363
364Changes in release 0.1d:
365
366 * Support building with DB2 (uses 1.85-compat API)
367 * Support krb5-realm.DOMAIN in DNS
368 * new `ktutil srvcreate'
369 * v4/kafs support in klist/kdestroy
370 * bug fixes
371
372Changes in release 0.1c:
373
374 * fix ASN.1 encoding of signed integers
375 * somewhat working `ktutil get'
376 * some documentation updates
377 * update to Autoconf 2.13 and Automake 1.4
378 * the usual bug fixes
379
380Changes in release 0.1b:
381
382 * some old -> new crypto conversion utils
383 * bug fixes
384
385Changes in release 0.1a:
386
387 * new crypto code
388 * more bug fixes
389 * make sure we ask for DES keys in gssapi
390 * support signed ints in ASN1
391 * IPv6-bug fixes
392
393Changes in release 0.0u:
394
395 * lots of bug fixes
396
397Changes in release 0.0t:
398
399 * more robust parsing of krb5.conf
400 * include net{read,write} in lib/roken
401 * bug fixes
402
403Changes in release 0.0s:
404
405 * kludges for parsing options to rsh
406 * more robust parsing of krb5.conf
407 * removed some arbitrary limits
408 * bug fixes
409
410Changes in release 0.0r:
411
412 * default options for some programs
413 * bug fixes
414
415Changes in release 0.0q:
416
417 * support for building shared libraries with libtool
418 * bug fixes
419
420Changes in release 0.0p:
421
422 * keytab moved to /etc/krb5.keytab
423 * avoid false detection of IPv6 on Linux
424 * Lots of more functionality in the gssapi-library
425 * hprop can now read ka-server databases
426 * bug fixes
427
428Changes in release 0.0o:
429
430 * FTP with GSSAPI support.
431 * Bug fixes.
432
433Changes in release 0.0n:
434
435 * Incremental database propagation.
436 * Somewhat improved kadmin ui; the stuff in admin is now removed.
437 * Some support for using enctypes instead of keytypes.
438 * Lots of other improvement and bug fixes, see ChangeLog for details.
439