2 Kerberos Version 5, Release 1.1
5 which will be updated before the next release by
8 Unpacking the Source Distribution
9 ---------------------------------
11 The source distribution of Kerberos 5 comes in three gzipped tarfiles,
12 krb5-1.1.src.tar.gz, krb5-1.1.doc.tar.gz, and krb5-1.1.crypto.tar.gz.
13 The krb5-1.1.doc.tar.gz contains the doc/ directory and this README
14 file. The krb5-1.1.src.tar.gz contains the src/ directory and this
15 README file, except for the crypto library sources, which are in
16 krb5-1.1.crypto.tar.gz.
18 Instruction on how to extract the entire distribution follow. These
19 directions assume that you want to extract into a directory called
22 If you have the GNU tar program and gzip installed, you can simply do:
26 gtar zxpf krb5-1.1.src.tar.gz
27 gtar zxpf krb5-1.1.crypto.tar.gz
28 gtar zxpf krb5-1.1.doc.tar.gz
30 If you don't have GNU tar, you will need to get the FSF gzip
31 distribution and use gzcat:
35 gzcat krb5-1.1.src.tar.gz | tar xpf -
36 gzcat krb5-1.1.crypto.tar.gz | tar xpf -
37 gzcat krb5-1.1.doc.tar.gz | tar xpf -
39 Both of these methods will extract the sources into DIST/krb5-1.1/src
40 and the documentation into DIST/krb5-1.1/doc.
42 Building and Installing Kerberos 5
43 ----------------------------------
45 The first file you should look at is doc/install.ps; it contains the
46 notes for building and installing Kerberos 5. The info file
47 krb5-install.info has the same information in info file format. You
48 can view this using the GNU emacs info-mode, or by using the
49 standalone info file viewer from the Free Software Foundation. This
50 is also available as an HTML file, install.html.
52 Other good files to look at are admin-guide.ps and user-guide.ps,
53 which contain the system administrator's guide, and the user's guide,
54 respectively. They are also available as info files
55 kerberos-admin.info and krb5-user.info, respectively. These files are
56 also available as HTML files.
58 If you are attempting to build under Windows, please see the
59 src/windows/README file.
64 Please report any problems/bugs/comments using the krb5-send-pr
65 program. The krb5-send-pr program will be installed in the sbin
66 directory once you have successfully compiled and installed Kerberos
67 V5 (or if you have installed one of our binary distributions).
69 If you are not able to use krb5-send-pr because you haven't been able
70 compile and install Kerberos V5 on any platform, you may send mail to
73 Notes, Major Changes, and Known Bugs
74 ------------------------------------
76 * Triple DES support is included; however, it is only usable for
77 service keys at the moment, due to a large number of compatibility
78 issues. For example, the GSSAPI library has some (buggy) support
79 for a triple DES session key, but it is intentionally disabled.
80 ** Do not use triple-DES in your config files except as described in
83 * The principal database now uses the btree backend of Berkeley DB.
84 This should result in improved KDC performance.
86 * The lib/rpc tests do not appear to work under NetBSD-1.4, for
87 reasons that are not completely clear at the moment, but probably
88 have something to do with portmapper interfacing. This should not
89 affect other operations, such as kadmind operation.
91 * Shared library builds are under a new framework; at this point only
92 Solaris (2.x), Irix (6.5), NetBSD (1.4 i386), and possibly Linux are
93 known to work. All other working shared library builds may be
94 figments of your imagination.
96 * Many existing databases, especially those converted from krb4
97 original databases, may contain expiration dates in 1999. You
98 should make sure to update these expiration dates, and also change
99 any config file entries that have two-digit years.
101 * Hardware preauthentication is known to be broken; this will be fixed
102 in an upcoming release.
104 * krb524d now defaults to forking into the background; use
105 "krb524d -nofork" to avoid forking.
107 * Not all reported bugs have been fixed in this release, due to time
108 constraints. We are planning to make another release in the near
109 future with more complete triple DES support, and additional
110 bugfixes. Many of the bugs in our database are reported against
111 what is now quite old code, or require hardware that we do not have,
112 which make them difficult to reproduce and debug. We will work on
113 these older bugs and some externally submitted patches for the
116 Copyright Notice and Legal Administrivia
117 ----------------------------------------
119 Copyright (C) 1985-1999 by the Massachusetts Institute of Technology.
123 Export of this software from the United States of America may require
124 a specific license from the United States Government. It is the
125 responsibility of any person or organization contemplating export to
126 obtain such a license before exporting.
128 WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
129 distribute this software and its documentation for any purpose and
130 without fee is hereby granted, provided that the above copyright
131 notice appear in all copies and that both that copyright notice and
132 this permission notice appear in supporting documentation, and that
133 the name of M.I.T. not be used in advertising or publicity pertaining
134 to distribution of the software without specific, written prior
135 permission. Furthermore if you modify this software you must label
136 your software as modified software and not distribute it in such a
137 fashion that it might be confused with the original MIT software.
138 M.I.T. makes no representations about the suitability of this software
139 for any purpose. It is provided "as is" without express or implied
142 THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
143 IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
144 WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
146 Individual source code files are copyright MIT, Cygnus Support,
147 OpenVision, Oracle, Sun Soft, FundsXpress, and others.
149 Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
150 and Zephyr are trademarks of the Massachusetts Institute of Technology
151 (MIT). No commercial use of these trademarks may be made without
152 prior written permission of MIT.
154 "Commercial use" means use of a name in a product or other for-profit
155 manner. It does NOT prevent a commercial firm from referring to the
156 MIT trademarks in order to convey information (although in doing so,
157 recognition of their trademark status should be given).
159 The following copyright and permission notice applies to the
160 OpenVision Kerberos Administration system located in kadmin/create,
161 kadmin/dbutil, kadmin/passwd, kadmin/server, lib/kadm5, and portions
164 Copyright, OpenVision Technologies, Inc., 1996, All Rights Reserved
166 WARNING: Retrieving the OpenVision Kerberos Administration system
167 source code, as described below, indicates your acceptance of the
168 following terms. If you do not agree to the following terms, do not
169 retrieve the OpenVision Kerberos administration system.
171 You may freely use and distribute the Source Code and Object Code
172 compiled from it, with or without modification, but this Source
173 Code is provided to you "AS IS" EXCLUSIVE OF ANY WARRANTY,
174 INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY OR
175 FITNESS FOR A PARTICULAR PURPOSE, OR ANY OTHER WARRANTY, WHETHER
176 EXPRESS OR IMPLIED. IN NO EVENT WILL OPENVISION HAVE ANY LIABILITY
177 FOR ANY LOST PROFITS, LOSS OF DATA OR COSTS OF PROCUREMENT OF
178 SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR
179 CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, INCLUDING,
180 WITHOUT LIMITATION, THOSE RESULTING FROM THE USE OF THE SOURCE
181 CODE, OR THE FAILURE OF THE SOURCE CODE TO PERFORM, OR FOR ANY
184 OpenVision retains all copyrights in the donated Source Code. OpenVision
185 also retains copyright to derivative works of the Source Code, whether
186 created by OpenVision or by a third party. The OpenVision copyright
187 notice must be preserved if derivative works are made based on the
190 OpenVision Technologies, Inc. has donated this Kerberos
191 Administration system to MIT for inclusion in the standard
192 Kerberos 5 distribution. This donation underscores our
193 commitment to continuing Kerberos technology development
194 and our gratitude for the valuable work which has been
195 performed by MIT and the Kerberos community.
200 Appreciation Time!!!! There are far too many people to try to thank
201 them all; many people have contributed to the development of Kerberos
202 V5. This is only a partial listing....
204 Thanks to Paul Vixie and the Internet Software Consortium for funding
205 the work of Barry Jaspan. This funding was invaluable for the OV
206 administration server integration, as well as the 1.0 release
209 Thanks to John Linn, Scott Foote, and all of the folks at OpenVision
210 Technologies, Inc., who donated their administration server for use in
211 the MIT release of Kerberos.
213 Thanks to Jeff Bigler, Mark Eichin, Marc Horowitz, Nancy Gilman, Ken
214 Raeburn, and all of the folks at Cygnus Support, who provided
215 innumerable bug fixes and portability enhancements to the Kerberos V5
216 tree. Thanks especially to Jeff Bigler, for the new user and system
217 administrator's documentation.
219 Thanks to Doug Engert from ANL for providing many bug fixes, as well
220 as testing to ensure DCE interoperability.
222 Thanks to Ken Hornstein at NRL for providing many bug fixes and
225 Thanks to Sean Mullan and Bill Sommerfeld from Hewlett Packard for
226 their many suggestions and bug fixes.
228 Thanks to the members of the Kerberos V5 development team at MIT, both
229 past and present: Danillo Almeida, Jay Berkenbilt, Richard Basch, John
230 Carr, Don Davis, Alexandra Ellwood, Nancy Gilman, Matt Hancher, Sam
231 Hartman, Paul Hill, Marc Horowitz, Eva Jacobus, Barry Jaspan, Geoffrey
232 King, John Kohl, Scott McGuire, Kevin Mitchell, Cliff Neuman, Paul
233 Park, Ezra Peisach, Chris Provenzano, Ken Raeburn, Jon Rochlis, Jeff
234 Schiller, Brad Thompson, Harry Tsai, Ted Ts'o, Marshall Vale, Tom Yu.