1 Kerberos Version 5, Release 1.6.1
6 Unpacking the Source Distribution
7 ---------------------------------
9 The source distribution of Kerberos 5 comes in a gzipped tarfile,
10 krb5-1.6.1.tar.gz. Instructions on how to extract the entire
13 If you have the GNU tar program and gzip installed, you can simply do:
15 gtar zxpf krb5-1.6.1.tar.gz
17 If you don't have GNU tar, you will need to get the FSF gzip
18 distribution and use gzcat:
20 gzcat krb5-1.6.1.tar.gz | tar xpf -
22 Both of these methods will extract the sources into krb5-1.6.1/src and
23 the documentation into krb5-1.6.1/doc.
25 Building and Installing Kerberos 5
26 ----------------------------------
28 The first file you should look at is doc/install-guide.ps; it contains
29 the notes for building and installing Kerberos 5. The info file
30 krb5-install.info has the same information in info file format. You
31 can view this using the GNU emacs info-mode, or by using the
32 standalone info file viewer from the Free Software Foundation. This
33 is also available as an HTML file, install.html.
35 Other good files to look at are admin-guide.ps and user-guide.ps,
36 which contain the system administrator's guide, and the user's guide,
37 respectively. They are also available as info files
38 kerberos-admin.info and krb5-user.info, respectively. These files are
39 also available as HTML files.
41 If you are attempting to build under Windows, please see the
42 src/windows/README file.
47 Please report any problems/bugs/comments using the krb5-send-pr
48 program. The krb5-send-pr program will be installed in the sbin
49 directory once you have successfully compiled and installed Kerberos
50 V5 (or if you have installed one of our binary distributions).
52 If you are not able to use krb5-send-pr because you haven't been able
53 compile and install Kerberos V5 on any platform, you may send mail to
56 You may view bug reports by visiting
58 http://krbdev.mit.edu/rt/
60 and logging in as "guest" with password "guest".
62 Major changes in krb5-1.6.1
63 ---------------------------
65 [5508] Fix MITKRB5-SA-2007-001: telnetd allows login as arbitrary user
66 [CVE-2007-0956, VU#220816]
68 [5507] Fix MITKRB5-SA-2007-002: buffer overflow in krb5_klog_syslog
69 [CVE-2007-0957, VU#704024]
71 [5445] Fix MITKRB5-SA-2007-003: double-free in kadmind - the RPC
72 library could perform a double-free due to a GSS-API library
73 bug [CVE-2007-1216, VU#419344]
75 [5293] fix crash creating db2 database in non-existent directory
77 krb5-1.6.1 changes by ticket ID
78 -------------------------------
80 Listed below are the RT tickets of bugs fixed in krb5-1.6.1. Please see
82 http://krbdev.mit.edu/rt/NoAuth/krb5-1.6/fixed-1.6.1.html
84 for a current listing with links to the complete tickets.
86 2724 kdc.conf man page typo in v4_mode section
87 5233 Change in behaviour in gss_release_buffer() by mechtypes
88 introduces memory leak
89 5238 fix leak in gss_krb5int_unseal_token_v3
90 5246 Memory leak in tests/gssapi/t_imp_name.c
91 5257 error on gethostbyname is tested on errno instead of h_errno
92 5293 crash creating db2 database in non-existent directory
93 5294 create KDC database directory
94 5343 updated Windows README
95 5344 Update to KFW NSIS installer
96 5349 Proposed implementation of krb5_server_decrypt_ticket_keyblock
97 and krb5_server_decrypt_ticket_keytab
98 5353 kfw wix installer - memory overwrite error
99 5393 krb5-1.6: tcp kpasswd service required if only admin_server is
100 specified in krb5.conf
101 5394 krb5-1.6: segfault on password change
102 5396 Master ticket for NetIdMgr 1.2 commits
103 5397 NIM string tables
104 5398 NIM Kerberos v4 configuration dialog
105 5399 NIM Correct Visual Identity Expiration Status
106 5400 NIM Kerberos 5 Provider corrections
107 5403 Add KDC timesyncing support to the CCAPI ccache backend
108 5408 NIM - Context sensitive system tray menu and more
109 5409 KFW MSI installer corrections
110 5410 kt_file.c memory leak on error in krb5_kt_resolve /
113 5418 KFW: 32-bit builds use the pismere krbv4w32.dll library
114 5419 Microsoft Windows Visual Studio does not define ssize_t
115 5420 get_init_creds_opt extensibility
116 5437 hack to permit GetEnvironmentVariable usage without requiring
118 5445 gsstest doesn't like krb5-1.6 GSSAPI library
119 [also MITKRB5-SA-2007-003]
120 5446 KfW 3.1: stderr of kinit/klist/kdestroy cannot be re-directed
122 5447 tail portability bug in k5srvutil
123 5452 NIM Improved Alert Management
124 5453 Windows - some apps define ssize_t as a preprocessor symbol
125 5454 krb5_get_cred_from_kdc fails to null terminate the tgt list
126 5455 valgrind detects uninitialized (but really unused) bytes in
128 5457 More existence tests; path update
129 5458 osf1: get proper library dependencies installed
130 5461 reverting commit to windows WIX installer (revision 19207)
131 5469 KFW: Vista Integrated Logon
132 5476 Zero sockaddrs in fai_add_entry() so we can compare them with
134 5477 Enable Vista support for MSLSA
135 5478 NIM: New Default View and miscellaneous fixes
136 5480 krb5 library uses kdc.conf when it shouldn't
137 5490 KfW build automation
138 5491 WIX installer stores WinLogon event handler under wrong
140 5492 remove unwanted files from kfw build script
141 5493 KFW: problems with non-interactive logons
142 5495 NIM commits for KFW 3.2 Beta 1
143 5496 more bug fixes for NIM 1.2 (KFW 3.2)
144 5503 msi deployment guide updates for KFW 3.2
145 5504 Network Identity Manager 1.2 User Manual
146 5505 More commits for NIM 1.2 Beta 1
147 5507 MITKRB5-SA-2007-002: buffer overflow in krb5_klog_syslog
148 5508 MITKRB5-SA-2007-001: telnetd allows login as arbitrary user
149 5509 service location plugin returning no addresses handled
151 5510 krb5int_open_plugin_dirs errors out if directory does not
153 5514 wix installer - modify file list
154 5515 KFW NSIS installer - copyright updates and aklog removal
155 5516 NIM 1.2.0.1 corrections
156 5518 EAI_NODATA deprecated, not always defined
157 5521 KfW build system (post kfw-3.2-beta1)
158 5522 NIM 3.2 documentation update
159 5523 KFW 3.2 Beta 2 commits
160 5524 NIM doxyfile.cfg - update to Doxygen 1.5.2
161 5525 NIM 1.2 HtmlHelp User Documentation
162 5526 NIM - Fix taskbar button visibility on Vista
163 5527 kfw build - include netidmgr_userdoc.pdf in zip file
164 5528 Add vertical scrollbars to realm fields in dialogs
165 5529 Missing version resource info on krb5 files
166 5530 KFW 3.2.0.7002 about dialogue will not respond to alt-f4
167 5532 KFW Network Provider Improvements
168 5533 updates for NIM developer documentation
169 5534 kfwlogon corrections for XP
170 5535 More NIM Developer documentation updates
171 5537 only check current dir for a.tmp
172 5539 add option to export instead of checkout, etc.
174 Major changes in krb5-1.6
175 -------------------------
177 * Partial client implementation to handle server name referrals.
179 * Pre-authentication plug-in framework, donated by Red Hat.
181 * LDAP KDB plug-in, donated by Novell.
183 * Fix for MITKRB5-SA-2006-002: the RPC library could call an
184 uninitialized function pointer, which created a security
185 vulnerability for kadmind.
187 * Fix for MITKRB5-SA-2006-003: the GSS-API mechglue layer could fail
188 to initialize some output pointers, causing callers to attempt to
189 free uninitialized pointers. This caused a security vulnerability
192 Note that the implementation of referral handling involves a change to
193 the behavior of krb5_sname_to_principal() to return a zero-length
194 realm name if it is unable to find the realm corresponding to the
195 hostname. This special realm name signals the ticket-acquisition code
196 to request KDC canonicalization of service principal names. Other
197 library code has changed to accommodate this new behavior. This
198 particular method of implementing service principal name referral
199 handling may change in the future; we invite discussion on this
202 Major known bugs in krb5-1.6
203 ----------------------------
205 5293 crash creating db2 database in non-existent directory
207 Attempting to create a KDB in a non-existent directory using the
208 Berkeley DB back end may cause a crash resulting from a null pointer
209 dereference. If a core dump occurs, this may cause a local exposure
210 of sensitive information such a master key password. This will be
211 fixed in an upcoming patch release.
213 krb5-1.6 changes by ticket ID
214 -----------------------------
216 Listed below are the RT tickets of bugs fixed in krb5-1.6. Please see
218 http://krbdev.mit.edu/rt/NoAuth/krb5-1.6/fixed-1.6.html
220 for a current listing with links to the complete tickets.
222 1204 Unable to get a TGT cross-realm referral
223 2087 undocumented options for kpropd
224 2240 krb5-config --cflags gssapi when used by OpenSSH-snap-20040212
225 2579 kdc: add_to_transited may reference off end of array...
226 2652 Add support for referrals
227 2876 Tree does not compile with GCC 4.0
228 2935 KDB/LDAP backend
229 3089 krb5_verify_init_creds() is not thread safe
230 3091 add krb5_cc_new_unique()
231 3218 kdb5_util load requires that the dumpfile be writable.
232 3276 local array of structures not declared static
233 3288 NetIdMgr cannot obtain Kerberos 5 tickets containing addresses
234 3322 get_cred_via_tkt() checks too strict on server principal
235 3522 Error code definitions are outside macros to prevent multiple
236 inclusion in public headers
237 3642 changes for embedding manifest into dlls and exes
238 3735 Add TCP change/set password support
239 3947 allow multiple calls to krb5_get_error_message to retrieve message
240 3955 check calling conventions specified for Windows
241 3961 fix stdcc.c to build without USE_CCAPI_V3
242 4021 use GSS_C_NO_CHANNEL_BINDINGS not NULL in lib/rpc/auth_gss.c
243 4023 Turn off KLL automatic prompting support in kadmin
244 4024 gss_acquire_cred auto prompt support shouldn't break
245 gss_krb5_ccache_name()
246 4025 need to look harder for tclConfig.sh
247 4055 remove unused Metrowerks support from yarrow
248 4056 g_canon_name.c if-statement warning cleanup
249 4057 GSSAPI opaque types should be pointers to opaque structs, not void*
250 4256 Make process error
251 4292 LDAP error prevents KfM 6.0 from building on Tiger
252 4294 Bad loop logic in krb5_mcc_generate_new
253 4304 audit referrals merge (R18598)
254 4327 doc/krb5-protocol out of date
255 4389 cursor for iterating over ccaches
256 4412 Don't segfault if a preauth plugin module fails to load
257 4453 krb5-1.6-pre: fix warnings/ improve 64bit compatibility in the
259 4454 krb5-1.6-pre: kdb5_ldap_util stashsrvpw does not work
260 4455 IRIX build fails w/ GCC 4.0 (really GNU ld)
261 4482 enabling LDAP mix-in support for kdb5_util load
262 4488 osf1 -oldstyle_liblookup typo
263 4495 Avoid segfault in krb5_do_preauth_tryagain
264 4496 fix invalid access found by valgrind
265 4501 fix krb5_ldap_iterate to handle NULL match_expr and
266 open_db_and_mkey to use KRB5_KDB_SRV_TYPE_ADMIN
267 4534 don't confuse profile iterator in 425 princ conversion
268 4561 UC Berkeley BSD license change
269 4562 latest Novell ldap patches and kdb5_util dump support for ldap
270 4566 leaks in preauth plugin support
271 4567 KDC can crash for certain client requests when preauth plugins
273 4587 Change preauth plugin context scope and lifetimes
274 4624 remove t_prf and t_prf.o on make clean
275 4625 Make clean in lib/kdb leaves error table files
276 4657 krb5.h not C++-safe due to "struct krb5_cccol_cursor"
277 4683 Remove obsolete/conflicting prototype for krb524_convert_princs
278 4688 Add public function to get keylength associated with an enctype
279 4689 Update minor version numbers for 1.6
280 4690 Add "get_data" function to the client preauth plugin interface
281 4692 Document changing the krbtgt key
282 4693 Delay kadmind random number initialization until after fork
283 4735 more Novell ldap patches from Nov 6 and Fix for wrong password
284 policy reference count
285 4737 correct client preauth plugin request_context
286 4738 allow server preauth plugin verify_padata function to return e-data
287 4739 cccursor backend for CCAPI
288 4755 update copyrights and acknowledgments
289 4770 Add macros for __attribute__((deprecated)) for krb4 and des APIs
290 4771 LDAP patch from Novell, 2006-10-13
291 4772 fix some warnings in ldap code
292 4773 fix warning in preauth_plugin.h header
293 4774 avoid double frees in ccache manipulation around gen_new
294 4775 include realm in "can't resolve KDC" error message
295 4784 krb5_stdccv3_generate_new returns NULL ccache
296 4788 ccache double free in krb5_fcc_read_addrs().
297 4799 krb5_c_keylength -> krb5_c_keylengths; add krb5_c_random_to_key
298 4805 replace existing calls of cc_gen_new()
299 4841 free error message when freeing context
300 4846 clean up preauth2 salt debug code
301 4860 fix LDAP plugin Makefile.in lib frag substitutions
302 4928 krb5int_copy_data_contents shouldn't free memory it didn't allocate
303 4941 referrals changes to telnet have unconditional debugging printfs
304 4942 skip all modules in plugin if init function fails
305 4955 Referrals code breaks krb5_set_password_using_ccache to Active
307 4967 referrals support assumes all rewrites produce TGS principals
308 4972 return edata from non-PA_REQUIRED preauth types
309 4973 send a new request with the new padata returned by
310 krb5_do_preauth_tryagain()
311 4980 Remove unused prototype for krb5_find_config_files
312 4981 Make clean in lib/krb5/os does not clean test objs
313 4991 fix for kdb5_util load bug with dumps from a LDAP KDB
314 4994 minor update to kdb5_util man page for LDAP plugin
315 5003 krb5_cc_remove should work for the CCAPI
316 5005 Reading maxlife, maxrenewlife and ticket flags from conf file
318 5009 kadmin.local with LDAP backend fails to start when master key
319 enctype is not default enctype
320 5022 build the trunk on Windows (again)
321 5027 admin guide changes for the LDAP backend
322 5032 Don't leak padata when looping for krb5_do_preauth_tryagain()
323 5090 krb5_get_init_creds_opt_set_change_password_prompt
324 5115 krb5_rc_io_open_internal on error will call close(-1)
325 5116 minor ldap specific changes in man page
326 5121 keytab code can't match principals with realms not yet determined
327 5123 don't pass null pointer to krb5_do_preauth_tryagain()
328 5124 use KRB5KRB_ERR_GENERIC, not KRB_ERR_GENERIC in preauth2.c
329 5125 Add -clearpolicy to kadmin addprinc usage
330 5152 misc cleanups in admin guide ldap sections
331 5159 don't split HTML output from makeinfo
332 5223 Fix typo in user-guide.texinfo
333 5245 Repair broken links in NetIdMgr Help
334 5260 Deletion of principal fails
335 5265 update ldap/Makefile.in for newer autoconf substitution requirements
336 5271 Document KDC behavior without stash file
337 5279 Document what the kadmind ACL is for
338 5301 MITKRB5-SA-2006-002: svctcp_destroy() can call uninitialized function pointer
339 5302 MITKRB5-SA-2006-003: mechglue argument handling too lax
341 Copyright and Other Legal Notices
342 ---------------------------------
344 Copyright (C) 1985-2007 by the Massachusetts Institute of Technology.
348 Export of this software from the United States of America may require
349 a specific license from the United States Government. It is the
350 responsibility of any person or organization contemplating export to
351 obtain such a license before exporting.
353 WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
354 distribute this software and its documentation for any purpose and
355 without fee is hereby granted, provided that the above copyright
356 notice appear in all copies and that both that copyright notice and
357 this permission notice appear in supporting documentation, and that
358 the name of M.I.T. not be used in advertising or publicity pertaining
359 to distribution of the software without specific, written prior
360 permission. Furthermore if you modify this software you must label
361 your software as modified software and not distribute it in such a
362 fashion that it might be confused with the original MIT software.
363 M.I.T. makes no representations about the suitability of this software
364 for any purpose. It is provided "as is" without express or implied
367 THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
368 IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
369 WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
371 Individual source code files are copyright MIT, Cygnus Support,
372 Novell, OpenVision Technologies, Oracle, Red Hat, Sun Microsystems,
373 FundsXpress, and others.
375 Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
376 and Zephyr are trademarks of the Massachusetts Institute of Technology
377 (MIT). No commercial use of these trademarks may be made without
378 prior written permission of MIT.
380 "Commercial use" means use of a name in a product or other for-profit
381 manner. It does NOT prevent a commercial firm from referring to the
382 MIT trademarks in order to convey information (although in doing so,
383 recognition of their trademark status should be given).
387 Portions of src/lib/crypto have the following copyright:
389 Copyright (C) 1998 by the FundsXpress, INC.
393 Export of this software from the United States of America may require
394 a specific license from the United States Government. It is the
395 responsibility of any person or organization contemplating export to
396 obtain such a license before exporting.
398 WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
399 distribute this software and its documentation for any purpose and
400 without fee is hereby granted, provided that the above copyright
401 notice appear in all copies and that both that copyright notice and
402 this permission notice appear in supporting documentation, and that
403 the name of FundsXpress. not be used in advertising or publicity pertaining
404 to distribution of the software without specific, written prior
405 permission. FundsXpress makes no representations about the suitability of
406 this software for any purpose. It is provided "as is" without express
409 THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
410 IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
411 WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
416 The following copyright and permission notice applies to the
417 OpenVision Kerberos Administration system located in kadmin/create,
418 kadmin/dbutil, kadmin/passwd, kadmin/server, lib/kadm5, and portions
421 Copyright, OpenVision Technologies, Inc., 1996, All Rights Reserved
423 WARNING: Retrieving the OpenVision Kerberos Administration system
424 source code, as described below, indicates your acceptance of the
425 following terms. If you do not agree to the following terms, do not
426 retrieve the OpenVision Kerberos administration system.
428 You may freely use and distribute the Source Code and Object Code
429 compiled from it, with or without modification, but this Source
430 Code is provided to you "AS IS" EXCLUSIVE OF ANY WARRANTY,
431 INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY OR
432 FITNESS FOR A PARTICULAR PURPOSE, OR ANY OTHER WARRANTY, WHETHER
433 EXPRESS OR IMPLIED. IN NO EVENT WILL OPENVISION HAVE ANY LIABILITY
434 FOR ANY LOST PROFITS, LOSS OF DATA OR COSTS OF PROCUREMENT OF
435 SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR
436 CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, INCLUDING,
437 WITHOUT LIMITATION, THOSE RESULTING FROM THE USE OF THE SOURCE
438 CODE, OR THE FAILURE OF THE SOURCE CODE TO PERFORM, OR FOR ANY
441 OpenVision retains all copyrights in the donated Source Code. OpenVision
442 also retains copyright to derivative works of the Source Code, whether
443 created by OpenVision or by a third party. The OpenVision copyright
444 notice must be preserved if derivative works are made based on the
447 OpenVision Technologies, Inc. has donated this Kerberos
448 Administration system to MIT for inclusion in the standard
449 Kerberos 5 distribution. This donation underscores our
450 commitment to continuing Kerberos technology development
451 and our gratitude for the valuable work which has been
452 performed by MIT and the Kerberos community.
456 Portions contributed by Matt Crawford <crawdad@fnal.gov> were
457 work performed at Fermi National Accelerator Laboratory, which is
458 operated by Universities Research Association, Inc., under
459 contract DE-AC02-76CHO3000 with the U.S. Department of Energy.
463 The implementation of the Yarrow pseudo-random number generator in
464 src/lib/crypto/yarrow has the following copyright:
466 Copyright 2000 by Zero-Knowledge Systems, Inc.
468 Permission to use, copy, modify, distribute, and sell this software
469 and its documentation for any purpose is hereby granted without fee,
470 provided that the above copyright notice appear in all copies and that
471 both that copyright notice and this permission notice appear in
472 supporting documentation, and that the name of Zero-Knowledge Systems,
473 Inc. not be used in advertising or publicity pertaining to
474 distribution of the software without specific, written prior
475 permission. Zero-Knowledge Systems, Inc. makes no representations
476 about the suitability of this software for any purpose. It is
477 provided "as is" without express or implied warranty.
479 ZERO-KNOWLEDGE SYSTEMS, INC. DISCLAIMS ALL WARRANTIES WITH REGARD TO
480 THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
481 FITNESS, IN NO EVENT SHALL ZERO-KNOWLEDGE SYSTEMS, INC. BE LIABLE FOR
482 ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
483 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
484 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTUOUS ACTION, ARISING OUT
485 OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
489 The implementation of the AES encryption algorithm in
490 src/lib/crypto/aes has the following copyright:
492 Copyright (c) 2001, Dr Brian Gladman <brg@gladman.uk.net>, Worcester, UK.
497 The free distribution and use of this software in both source and binary
498 form is allowed (with or without changes) provided that:
500 1. distributions of this source code include the above copyright
501 notice, this list of conditions and the following disclaimer;
503 2. distributions in binary form include the above copyright
504 notice, this list of conditions and the following disclaimer
505 in the documentation and/or other associated materials;
507 3. the copyright holder's name is not used to endorse products
508 built using this software without specific written permission.
512 This software is provided 'as is' with no explcit or implied warranties
513 in respect of any properties, including, but not limited to, correctness
514 and fitness for purpose.
518 Portions contributed by Red Hat, including the pre-authentication
519 plug-ins framework, contain the following copyright:
521 Copyright (c) 2006 Red Hat, Inc.
522 Portions copyright (c) 2006 Massachusetts Institute of Technology
525 Redistribution and use in source and binary forms, with or without
526 modification, are permitted provided that the following conditions
529 * Redistributions of source code must retain the above copyright
530 notice, this list of conditions and the following disclaimer.
532 * Redistributions in binary form must reproduce the above
533 copyright notice, this list of conditions and the following
534 disclaimer in the documentation and/or other materials provided
535 with the distribution.
537 * Neither the name of Red Hat, Inc., nor the names of its
538 contributors may be used to endorse or promote products derived
539 from this software without specific prior written permission.
541 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
542 IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
543 TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
544 PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
545 OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
546 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
547 PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
548 PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
549 LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
550 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
551 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
555 The implementations of GSSAPI mechglue in GSSAPI-SPNEGO in
556 src/lib/gssapi, including the following files:
558 lib/gssapi/generic/gssapi_err_generic.et
559 lib/gssapi/mechglue/g_accept_sec_context.c
560 lib/gssapi/mechglue/g_acquire_cred.c
561 lib/gssapi/mechglue/g_canon_name.c
562 lib/gssapi/mechglue/g_compare_name.c
563 lib/gssapi/mechglue/g_context_time.c
564 lib/gssapi/mechglue/g_delete_sec_context.c
565 lib/gssapi/mechglue/g_dsp_name.c
566 lib/gssapi/mechglue/g_dsp_status.c
567 lib/gssapi/mechglue/g_dup_name.c
568 lib/gssapi/mechglue/g_exp_sec_context.c
569 lib/gssapi/mechglue/g_export_name.c
570 lib/gssapi/mechglue/g_glue.c
571 lib/gssapi/mechglue/g_imp_name.c
572 lib/gssapi/mechglue/g_imp_sec_context.c
573 lib/gssapi/mechglue/g_init_sec_context.c
574 lib/gssapi/mechglue/g_initialize.c
575 lib/gssapi/mechglue/g_inquire_context.c
576 lib/gssapi/mechglue/g_inquire_cred.c
577 lib/gssapi/mechglue/g_inquire_names.c
578 lib/gssapi/mechglue/g_process_context.c
579 lib/gssapi/mechglue/g_rel_buffer.c
580 lib/gssapi/mechglue/g_rel_cred.c
581 lib/gssapi/mechglue/g_rel_name.c
582 lib/gssapi/mechglue/g_rel_oid_set.c
583 lib/gssapi/mechglue/g_seal.c
584 lib/gssapi/mechglue/g_sign.c
585 lib/gssapi/mechglue/g_store_cred.c
586 lib/gssapi/mechglue/g_unseal.c
587 lib/gssapi/mechglue/g_userok.c
588 lib/gssapi/mechglue/g_utils.c
589 lib/gssapi/mechglue/g_verify.c
590 lib/gssapi/mechglue/gssd_pname_to_uid.c
591 lib/gssapi/mechglue/mglueP.h
592 lib/gssapi/mechglue/oid_ops.c
593 lib/gssapi/spnego/gssapiP_spnego.h
594 lib/gssapi/spnego/spnego_mech.c
596 are subject to the following license:
598 Copyright (c) 2004 Sun Microsystems, Inc.
600 Permission is hereby granted, free of charge, to any person obtaining a
601 copy of this software and associated documentation files (the
602 "Software"), to deal in the Software without restriction, including
603 without limitation the rights to use, copy, modify, merge, publish,
604 distribute, sublicense, and/or sell copies of the Software, and to
605 permit persons to whom the Software is furnished to do so, subject to
606 the following conditions:
608 The above copyright notice and this permission notice shall be included
609 in all copies or substantial portions of the Software.
611 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
612 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
613 MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
614 IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
615 CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
616 TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
617 SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
621 MIT Kerberos includes documentation and software developed at the
622 University of California at Berkeley, which includes this copyright
625 Copyright (C) 1983 Regents of the University of California.
628 Redistribution and use in source and binary forms, with or without
629 modification, are permitted provided that the following conditions
632 1. Redistributions of source code must retain the above copyright
633 notice, this list of conditions and the following disclaimer.
635 2. Redistributions in binary form must reproduce the above
636 copyright notice, this list of conditions and the following
637 disclaimer in the documentation and/or other materials provided
638 with the distribution.
640 3. Neither the name of the University nor the names of its
641 contributors may be used to endorse or promote products derived
642 from this software without specific prior written permission.
644 THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS "AS IS" AND
645 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
646 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
647 ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
648 FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
649 DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
650 OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
651 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
652 LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
653 OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
658 Portions contributed by Novell, Inc., including the LDAP database
659 backend, are subject to the following license:
661 Copyright (c) 2004-2005, Novell, Inc.
664 Redistribution and use in source and binary forms, with or without
665 modification, are permitted provided that the following conditions are met:
667 * Redistributions of source code must retain the above copyright notice,
668 this list of conditions and the following disclaimer.
669 * Redistributions in binary form must reproduce the above copyright
670 notice, this list of conditions and the following disclaimer in the
671 documentation and/or other materials provided with the distribution.
672 * The copyright holder's name is not used to endorse or promote products
673 derived from this software without specific prior written permission.
675 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
676 AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
677 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
678 ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
679 LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
680 CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
681 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
682 INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
683 CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
684 ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
685 POSSIBILITY OF SUCH DAMAGE.
690 Thanks to Red Hat for donating the pre-authentication plug-in
693 Thanks to Novell for donating the KDB abstraction layer and the LDAP
696 Thanks to Sun Microsystems for donating their implementations of
699 Thanks to iDefense for notifying us about the vulnerability in
702 Thanks to the members of the Kerberos V5 development team at MIT, both
703 past and present: Danilo Almeida, Jeffrey Altman, Justin Anderson,
704 Richard Basch, Jay Berkenbilt, Mitch Berger, Andrew Boardman, Joe
705 Calzaretta, John Carr, Don Davis, Alexandra Ellwood, Nancy Gilman,
706 Matt Hancher, Sam Hartman, Paul Hill, Marc Horowitz, Eva Jacobus,
707 Miroslav Jurisic, Barry Jaspan, Geoffrey King, Kevin Koch, John Kohl,
708 Peter Litwack, Scott McGuire, Kevin Mitchell, Cliff Neuman, Paul Park,
709 Ezra Peisach, Chris Provenzano, Ken Raeburn, Jon Rochlis, Jeff
710 Schiller, Jen Selby, Brad Thompson, Harry Tsai, Ted Ts'o, Marshall