[krb5.git] / README

these were the
                   Kerberos Version 5, Release 1.1

                            Release Notes
which will be updated before the next release by
                        The MIT Kerberos Team

Unpacking the Source Distribution
---------------------------------

The source distribution of Kerberos 5 comes in three gzipped tarfiles,
krb5-1.1.src.tar.gz, krb5-1.1.doc.tar.gz, and krb5-1.1.crypto.tar.gz.
The krb5-1.1.doc.tar.gz contains the doc/ directory and this README
file.  The krb5-1.1.src.tar.gz contains the src/ directory and this
README file, except for the crypto library sources, which are in
krb5-1.1.crypto.tar.gz.

Instruction on how to extract the entire distribution follow.  These
directions assume that you want to extract into a directory called
DIST.

If you have the GNU tar program and gzip installed, you can simply do:

        mkdir DIST
        cd DIST
        gtar zxpf krb5-1.1.src.tar.gz
        gtar zxpf krb5-1.1.crypto.tar.gz
        gtar zxpf krb5-1.1.doc.tar.gz

If you don't have GNU tar, you will need to get the FSF gzip
distribution and use gzcat:

        mkdir DIST
        cd DIST
        gzcat krb5-1.1.src.tar.gz | tar xpf -
        gzcat krb5-1.1.crypto.tar.gz | tar xpf -
        gzcat krb5-1.1.doc.tar.gz | tar xpf -

Both of these methods will extract the sources into DIST/krb5-1.1/src
and the documentation into DIST/krb5-1.1/doc.

Building and Installing Kerberos 5
----------------------------------

The first file you should look at is doc/install.ps; it contains the
notes for building and installing Kerberos 5.  The info file
krb5-install.info has the same information in info file format.  You
can view this using the GNU emacs info-mode, or by using the
standalone info file viewer from the Free Software Foundation.  This
is also available as an HTML file, install.html.

Other good files to look at are admin-guide.ps and user-guide.ps,
which contain the system administrator's guide, and the user's guide,
respectively.  They are also available as info files
kerberos-admin.info and krb5-user.info, respectively.  These files are
also available as HTML files.

If you are attempting to build under Windows, please see the
src/windows/README file.

Reporting Bugs
--------------

Please report any problems/bugs/comments using the krb5-send-pr
program.  The krb5-send-pr program will be installed in the sbin
directory once you have successfully compiled and installed Kerberos
V5 (or if you have installed one of our binary distributions).

If you are not able to use krb5-send-pr because you haven't been able
compile and install Kerberos V5 on any platform, you may send mail to
krb5-bugs@mit.edu.

Notes, Major Changes, and Known Bugs
------------------------------------

* Triple DES support is included; however, it is only usable for
  service keys at the moment, due to a large number of compatibility
  issues.  For example, the GSSAPI library has some (buggy) support
  for a triple DES session key, but it is intentionally disabled.
  ** Do not use triple-DES in your config files except as described in
  ** the documentation.

* The principal database now uses the btree backend of Berkeley DB.
  This should result in improved KDC performance.

* The lib/rpc tests do not appear to work under NetBSD-1.4, for
  reasons that are not completely clear at the moment, but probably
  have something to do with portmapper interfacing.  This should not
  affect other operations, such as kadmind operation.

* Shared library builds are under a new framework; at this point only
  Solaris (2.x), Irix (6.5), NetBSD (1.4 i386), and possibly Linux are
  known to work.  All other working shared library builds may be
  figments of your imagination.

* Many existing databases, especially those converted from krb4
  original databases, may contain expiration dates in 1999.  You
  should make sure to update these expiration dates, and also change
  any config file entries that have two-digit years.

* Hardware preauthentication is known to be broken; this will be fixed
  in an upcoming release.

* krb524d now defaults to forking into the background; use
  "krb524d -nofork" to avoid forking.

* Not all reported bugs have been fixed in this release, due to time
  constraints.  We are planning to make another release in the near
  future with more complete triple DES support, and additional
  bugfixes.  Many of the bugs in our database are reported against
  what is now quite old code, or require hardware that we do not have,
  which make them difficult to reproduce and debug.  We will work on
  these older bugs and some externally submitted patches for the
  following release.

Copyright Notice and Legal Administrivia
----------------------------------------

Copyright (C) 1985-1999 by the Massachusetts Institute of Technology.

All rights reserved.

Export of this software from the United States of America may require
a specific license from the United States Government.  It is the
responsibility of any person or organization contemplating export to
obtain such a license before exporting.

WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
distribute this software and its documentation for any purpose and
without fee is hereby granted, provided that the above copyright
notice appear in all copies and that both that copyright notice and
this permission notice appear in supporting documentation, and that
the name of M.I.T. not be used in advertising or publicity pertaining
to distribution of the software without specific, written prior
permission.  Furthermore if you modify this software you must label
your software as modified software and not distribute it in such a
fashion that it might be confused with the original MIT software.
M.I.T. makes no representations about the suitability of this software
for any purpose.  It is provided "as is" without express or implied
warranty.

THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.

Individual source code files are copyright MIT, Cygnus Support,
OpenVision, Oracle, Sun Soft, FundsXpress, and others.

Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
and Zephyr are trademarks of the Massachusetts Institute of Technology
(MIT).  No commercial use of these trademarks may be made without
prior written permission of MIT.

"Commercial use" means use of a name in a product or other for-profit
manner.  It does NOT prevent a commercial firm from referring to the
MIT trademarks in order to convey information (although in doing so,
recognition of their trademark status should be given).

The following copyright and permission notice applies to the
OpenVision Kerberos Administration system located in kadmin/create,
kadmin/dbutil, kadmin/passwd, kadmin/server, lib/kadm5, and portions
of lib/rpc:

   Copyright, OpenVision Technologies, Inc., 1996, All Rights Reserved

   WARNING: Retrieving the OpenVision Kerberos Administration system 
   source code, as described below, indicates your acceptance of the 
   following terms.  If you do not agree to the following terms, do not 
   retrieve the OpenVision Kerberos administration system.

   You may freely use and distribute the Source Code and Object Code
   compiled from it, with or without modification, but this Source
   Code is provided to you "AS IS" EXCLUSIVE OF ANY WARRANTY,
   INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY OR
   FITNESS FOR A PARTICULAR PURPOSE, OR ANY OTHER WARRANTY, WHETHER
   EXPRESS OR IMPLIED.  IN NO EVENT WILL OPENVISION HAVE ANY LIABILITY
   FOR ANY LOST PROFITS, LOSS OF DATA OR COSTS OF PROCUREMENT OF 
   SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR
   CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, INCLUDING, 
   WITHOUT LIMITATION, THOSE RESULTING FROM THE USE OF THE SOURCE 
   CODE, OR THE FAILURE OF THE SOURCE CODE TO PERFORM, OR FOR ANY 
   OTHER REASON.

   OpenVision retains all copyrights in the donated Source Code. OpenVision
   also retains copyright to derivative works of the Source Code, whether
   created by OpenVision or by a third party. The OpenVision copyright 
   notice must be preserved if derivative works are made based on the 
   donated Source Code.

   OpenVision Technologies, Inc. has donated this Kerberos 
   Administration system to MIT for inclusion in the standard 
   Kerberos 5 distribution.  This donation underscores our 
   commitment to continuing Kerberos technology development 
   and our gratitude for the valuable work which has been 
   performed by MIT and the Kerberos community.

Acknowledgements
----------------

Appreciation Time!!!!  There are far too many people to try to thank
them all; many people have contributed to the development of Kerberos
V5.  This is only a partial listing....

Thanks to Paul Vixie and the Internet Software Consortium for funding
the work of Barry Jaspan.  This funding was invaluable for the OV
administration server integration, as well as the 1.0 release
preparation process.

Thanks to John Linn, Scott Foote, and all of the folks at OpenVision
Technologies, Inc., who donated their administration server for use in
the MIT release of Kerberos.

Thanks to Jeff Bigler, Mark Eichin, Marc Horowitz, Nancy Gilman, Ken
Raeburn, and all of the folks at Cygnus Support, who provided
innumerable bug fixes and portability enhancements to the Kerberos V5
tree.  Thanks especially to Jeff Bigler, for the new user and system
administrator's documentation.

Thanks to Doug Engert from ANL for providing many bug fixes, as well
as testing to ensure DCE interoperability.

Thanks to Ken Hornstein at NRL for providing many bug fixes and
suggestions.

Thanks to Sean Mullan and Bill Sommerfeld from Hewlett Packard for
their many suggestions and bug fixes.

Thanks to the members of the Kerberos V5 development team at MIT, both
past and present: Danillo Almeida, Jay Berkenbilt, Richard Basch, John
Carr, Don Davis, Alexandra Ellwood, Nancy Gilman, Matt Hancher, Sam
Hartman, Paul Hill, Marc Horowitz, Eva Jacobus, Barry Jaspan, Geoffrey
King, John Kohl, Scott McGuire, Kevin Mitchell, Cliff Neuman, Paul
Park, Ezra Peisach, Chris Provenzano, Ken Raeburn, Jon Rochlis, Jeff
Schiller, Brad Thompson, Harry Tsai, Ted Ts'o, Marshall Vale, Tom Yu.