1 Kerberos Version 5, Release 1.6.2
6 Unpacking the Source Distribution
7 ---------------------------------
9 The source distribution of Kerberos 5 comes in a gzipped tarfile,
10 krb5-1.6.2.tar.gz. Instructions on how to extract the entire
13 If you have the GNU tar program and gzip installed, you can simply do:
15 gtar zxpf krb5-1.6.2.tar.gz
17 If you don't have GNU tar, you will need to get the FSF gzip
18 distribution and use gzcat:
20 gzcat krb5-1.6.2.tar.gz | tar xpf -
22 Both of these methods will extract the sources into krb5-1.6.2/src and
23 the documentation into krb5-1.6.2/doc.
25 Building and Installing Kerberos 5
26 ----------------------------------
28 The first file you should look at is doc/install-guide.ps; it contains
29 the notes for building and installing Kerberos 5. The info file
30 krb5-install.info has the same information in info file format. You
31 can view this using the GNU emacs info-mode, or by using the
32 standalone info file viewer from the Free Software Foundation. This
33 is also available as an HTML file, install.html.
35 Other good files to look at are admin-guide.ps and user-guide.ps,
36 which contain the system administrator's guide, and the user's guide,
37 respectively. They are also available as info files
38 kerberos-admin.info and krb5-user.info, respectively. These files are
39 also available as HTML files.
41 If you are attempting to build under Windows, please see the
42 src/windows/README file.
47 Please report any problems/bugs/comments using the krb5-send-pr
48 program. The krb5-send-pr program will be installed in the sbin
49 directory once you have successfully compiled and installed Kerberos
50 V5 (or if you have installed one of our binary distributions).
52 If you are not able to use krb5-send-pr because you haven't been able
53 compile and install Kerberos V5 on any platform, you may send mail to
56 You may view bug reports by visiting
58 http://krbdev.mit.edu/rt/
60 and logging in as "guest" with password "guest".
62 Major changes in krb5-1.6.2
63 ---------------------------
65 [5585] fix MITKRB5-SA-2007-004: kadmind affected by multiple RPC
66 library vulnerabilities [CVE-2007-2442/VU#356961,
67 CVE-2007-2443/VU#365313]
68 [5586] fix MITKRB5-SA-2007-005: kadmind vulnerable to buffer overflow
69 [CVE-2007-2798/VU#554257]
71 krb5-1.6.2 changes by ticket ID
72 -------------------------------
74 5541 remove debugging code accidentally left in ftp/cmds.c
75 5546 race condition in referrals fallback
76 5547 profile stores empty string values without double quotes
77 5551 rd_req_decoded needs to deal with referral realms
78 5552 minor incompatability krb5-1.6.1 and OpenSSH_4.6p1, OpenSSL 0.9.8e
79 5554 Modify WIX installer to better support upgrading betas
80 5573 Kfw 3.2.0.msi is missing a file krb5/krb5.h
81 5579 krb5_walk_realm_tree leaks in capaths case
82 5585 fix MITKRB5-SA-2007-004 [CVE-2007-2442/VU#356961,
83 CVE-2007-2443/VU#365313]
84 5586 fix MITKRB5-SA-2007-005 [CVE-2007-2798/VU#554257]
86 Major changes in krb5-1.6.1
87 ---------------------------
89 [5508] Fix MITKRB5-SA-2007-001: telnetd allows login as arbitrary user
90 [CVE-2007-0956, VU#220816]
92 [5507] Fix MITKRB5-SA-2007-002: buffer overflow in krb5_klog_syslog
93 [CVE-2007-0957, VU#704024]
95 [5445] Fix MITKRB5-SA-2007-003: double-free in kadmind - the RPC
96 library could perform a double-free due to a GSS-API library
97 bug [CVE-2007-1216, VU#419344]
99 [5293] fix crash creating db2 database in non-existent directory
101 krb5-1.6.1 changes by ticket ID
102 -------------------------------
104 Listed below are the RT tickets of bugs fixed in krb5-1.6.1. Please see
106 http://krbdev.mit.edu/rt/NoAuth/krb5-1.6/fixed-1.6.1.html
108 for a current listing with links to the complete tickets.
110 2724 kdc.conf man page typo in v4_mode section
111 5233 Change in behaviour in gss_release_buffer() by mechtypes
112 introduces memory leak
113 5238 fix leak in gss_krb5int_unseal_token_v3
114 5246 Memory leak in tests/gssapi/t_imp_name.c
115 5257 error on gethostbyname is tested on errno instead of h_errno
116 5293 crash creating db2 database in non-existent directory
117 5294 create KDC database directory
118 5343 updated Windows README
119 5344 Update to KFW NSIS installer
120 5349 Proposed implementation of krb5_server_decrypt_ticket_keyblock
121 and krb5_server_decrypt_ticket_keytab
122 5353 kfw wix installer - memory overwrite error
123 5393 krb5-1.6: tcp kpasswd service required if only admin_server is
124 specified in krb5.conf
125 5394 krb5-1.6: segfault on password change
126 5396 Master ticket for NetIdMgr 1.2 commits
127 5397 NIM string tables
128 5398 NIM Kerberos v4 configuration dialog
129 5399 NIM Correct Visual Identity Expiration Status
130 5400 NIM Kerberos 5 Provider corrections
131 5403 Add KDC timesyncing support to the CCAPI ccache backend
132 5408 NIM - Context sensitive system tray menu and more
133 5409 KFW MSI installer corrections
134 5410 kt_file.c memory leak on error in krb5_kt_resolve /
137 5418 KFW: 32-bit builds use the pismere krbv4w32.dll library
138 5419 Microsoft Windows Visual Studio does not define ssize_t
139 5420 get_init_creds_opt extensibility
140 5437 hack to permit GetEnvironmentVariable usage without requiring
142 5445 gsstest doesn't like krb5-1.6 GSSAPI library
143 [also MITKRB5-SA-2007-003]
144 5446 KfW 3.1: stderr of kinit/klist/kdestroy cannot be re-directed
146 5447 tail portability bug in k5srvutil
147 5452 NIM Improved Alert Management
148 5453 Windows - some apps define ssize_t as a preprocessor symbol
149 5454 krb5_get_cred_from_kdc fails to null terminate the tgt list
150 5455 valgrind detects uninitialized (but really unused) bytes in
152 5457 More existence tests; path update
153 5458 osf1: get proper library dependencies installed
154 5461 reverting commit to windows WIX installer (revision 19207)
155 5469 KFW: Vista Integrated Logon
156 5476 Zero sockaddrs in fai_add_entry() so we can compare them with
158 5477 Enable Vista support for MSLSA
159 5478 NIM: New Default View and miscellaneous fixes
160 5480 krb5 library uses kdc.conf when it shouldn't
161 5490 KfW build automation
162 5491 WIX installer stores WinLogon event handler under wrong
164 5492 remove unwanted files from kfw build script
165 5493 KFW: problems with non-interactive logons
166 5495 NIM commits for KFW 3.2 Beta 1
167 5496 more bug fixes for NIM 1.2 (KFW 3.2)
168 5503 msi deployment guide updates for KFW 3.2
169 5504 Network Identity Manager 1.2 User Manual
170 5505 More commits for NIM 1.2 Beta 1
171 5507 MITKRB5-SA-2007-002: buffer overflow in krb5_klog_syslog
172 5508 MITKRB5-SA-2007-001: telnetd allows login as arbitrary user
173 5509 service location plugin returning no addresses handled
175 5510 krb5int_open_plugin_dirs errors out if directory does not
177 5514 wix installer - modify file list
178 5515 KFW NSIS installer - copyright updates and aklog removal
179 5516 NIM 1.2.0.1 corrections
180 5518 EAI_NODATA deprecated, not always defined
181 5521 KfW build system (post kfw-3.2-beta1)
182 5522 NIM 3.2 documentation update
183 5523 KFW 3.2 Beta 2 commits
184 5524 NIM doxyfile.cfg - update to Doxygen 1.5.2
185 5525 NIM 1.2 HtmlHelp User Documentation
186 5526 NIM - Fix taskbar button visibility on Vista
187 5527 kfw build - include netidmgr_userdoc.pdf in zip file
188 5528 Add vertical scrollbars to realm fields in dialogs
189 5529 Missing version resource info on krb5 files
190 5530 KFW 3.2.0.7002 about dialogue will not respond to alt-f4
191 5532 KFW Network Provider Improvements
192 5533 updates for NIM developer documentation
193 5534 kfwlogon corrections for XP
194 5535 More NIM Developer documentation updates
195 5537 only check current dir for a.tmp
196 5539 add option to export instead of checkout, etc.
198 Major changes in krb5-1.6
199 -------------------------
201 * Partial client implementation to handle server name referrals.
203 * Pre-authentication plug-in framework, donated by Red Hat.
205 * LDAP KDB plug-in, donated by Novell.
207 * Fix for MITKRB5-SA-2006-002: the RPC library could call an
208 uninitialized function pointer, which created a security
209 vulnerability for kadmind.
211 * Fix for MITKRB5-SA-2006-003: the GSS-API mechglue layer could fail
212 to initialize some output pointers, causing callers to attempt to
213 free uninitialized pointers. This caused a security vulnerability
216 Note that the implementation of referral handling involves a change to
217 the behavior of krb5_sname_to_principal() to return a zero-length
218 realm name if it is unable to find the realm corresponding to the
219 hostname. This special realm name signals the ticket-acquisition code
220 to request KDC canonicalization of service principal names. Other
221 library code has changed to accommodate this new behavior. This
222 particular method of implementing service principal name referral
223 handling may change in the future; we invite discussion on this
226 Major known bugs in krb5-1.6
227 ----------------------------
229 5293 crash creating db2 database in non-existent directory
231 Attempting to create a KDB in a non-existent directory using the
232 Berkeley DB back end may cause a crash resulting from a null pointer
233 dereference. If a core dump occurs, this may cause a local exposure
234 of sensitive information such a master key password. This will be
235 fixed in an upcoming patch release.
237 krb5-1.6 changes by ticket ID
238 -----------------------------
240 Listed below are the RT tickets of bugs fixed in krb5-1.6. Please see
242 http://krbdev.mit.edu/rt/NoAuth/krb5-1.6/fixed-1.6.html
244 for a current listing with links to the complete tickets.
246 1204 Unable to get a TGT cross-realm referral
247 2087 undocumented options for kpropd
248 2240 krb5-config --cflags gssapi when used by OpenSSH-snap-20040212
249 2579 kdc: add_to_transited may reference off end of array...
250 2652 Add support for referrals
251 2876 Tree does not compile with GCC 4.0
252 2935 KDB/LDAP backend
253 3089 krb5_verify_init_creds() is not thread safe
254 3091 add krb5_cc_new_unique()
255 3218 kdb5_util load requires that the dumpfile be writable.
256 3276 local array of structures not declared static
257 3288 NetIdMgr cannot obtain Kerberos 5 tickets containing addresses
258 3322 get_cred_via_tkt() checks too strict on server principal
259 3522 Error code definitions are outside macros to prevent multiple
260 inclusion in public headers
261 3642 changes for embedding manifest into dlls and exes
262 3735 Add TCP change/set password support
263 3947 allow multiple calls to krb5_get_error_message to retrieve message
264 3955 check calling conventions specified for Windows
265 3961 fix stdcc.c to build without USE_CCAPI_V3
266 4021 use GSS_C_NO_CHANNEL_BINDINGS not NULL in lib/rpc/auth_gss.c
267 4023 Turn off KLL automatic prompting support in kadmin
268 4024 gss_acquire_cred auto prompt support shouldn't break
269 gss_krb5_ccache_name()
270 4025 need to look harder for tclConfig.sh
271 4055 remove unused Metrowerks support from yarrow
272 4056 g_canon_name.c if-statement warning cleanup
273 4057 GSSAPI opaque types should be pointers to opaque structs, not void*
274 4256 Make process error
275 4292 LDAP error prevents KfM 6.0 from building on Tiger
276 4294 Bad loop logic in krb5_mcc_generate_new
277 4304 audit referrals merge (R18598)
278 4327 doc/krb5-protocol out of date
279 4389 cursor for iterating over ccaches
280 4412 Don't segfault if a preauth plugin module fails to load
281 4453 krb5-1.6-pre: fix warnings/ improve 64bit compatibility in the
283 4454 krb5-1.6-pre: kdb5_ldap_util stashsrvpw does not work
284 4455 IRIX build fails w/ GCC 4.0 (really GNU ld)
285 4482 enabling LDAP mix-in support for kdb5_util load
286 4488 osf1 -oldstyle_liblookup typo
287 4495 Avoid segfault in krb5_do_preauth_tryagain
288 4496 fix invalid access found by valgrind
289 4501 fix krb5_ldap_iterate to handle NULL match_expr and
290 open_db_and_mkey to use KRB5_KDB_SRV_TYPE_ADMIN
291 4534 don't confuse profile iterator in 425 princ conversion
292 4561 UC Berkeley BSD license change
293 4562 latest Novell ldap patches and kdb5_util dump support for ldap
294 4566 leaks in preauth plugin support
295 4567 KDC can crash for certain client requests when preauth plugins
297 4587 Change preauth plugin context scope and lifetimes
298 4624 remove t_prf and t_prf.o on make clean
299 4625 Make clean in lib/kdb leaves error table files
300 4657 krb5.h not C++-safe due to "struct krb5_cccol_cursor"
301 4683 Remove obsolete/conflicting prototype for krb524_convert_princs
302 4688 Add public function to get keylength associated with an enctype
303 4689 Update minor version numbers for 1.6
304 4690 Add "get_data" function to the client preauth plugin interface
305 4692 Document changing the krbtgt key
306 4693 Delay kadmind random number initialization until after fork
307 4735 more Novell ldap patches from Nov 6 and Fix for wrong password
308 policy reference count
309 4737 correct client preauth plugin request_context
310 4738 allow server preauth plugin verify_padata function to return e-data
311 4739 cccursor backend for CCAPI
312 4755 update copyrights and acknowledgments
313 4770 Add macros for __attribute__((deprecated)) for krb4 and des APIs
314 4771 LDAP patch from Novell, 2006-10-13
315 4772 fix some warnings in ldap code
316 4773 fix warning in preauth_plugin.h header
317 4774 avoid double frees in ccache manipulation around gen_new
318 4775 include realm in "can't resolve KDC" error message
319 4784 krb5_stdccv3_generate_new returns NULL ccache
320 4788 ccache double free in krb5_fcc_read_addrs().
321 4799 krb5_c_keylength -> krb5_c_keylengths; add krb5_c_random_to_key
322 4805 replace existing calls of cc_gen_new()
323 4841 free error message when freeing context
324 4846 clean up preauth2 salt debug code
325 4860 fix LDAP plugin Makefile.in lib frag substitutions
326 4928 krb5int_copy_data_contents shouldn't free memory it didn't allocate
327 4941 referrals changes to telnet have unconditional debugging printfs
328 4942 skip all modules in plugin if init function fails
329 4955 Referrals code breaks krb5_set_password_using_ccache to Active
331 4967 referrals support assumes all rewrites produce TGS principals
332 4972 return edata from non-PA_REQUIRED preauth types
333 4973 send a new request with the new padata returned by
334 krb5_do_preauth_tryagain()
335 4980 Remove unused prototype for krb5_find_config_files
336 4981 Make clean in lib/krb5/os does not clean test objs
337 4991 fix for kdb5_util load bug with dumps from a LDAP KDB
338 4994 minor update to kdb5_util man page for LDAP plugin
339 5003 krb5_cc_remove should work for the CCAPI
340 5005 Reading maxlife, maxrenewlife and ticket flags from conf file
342 5009 kadmin.local with LDAP backend fails to start when master key
343 enctype is not default enctype
344 5022 build the trunk on Windows (again)
345 5027 admin guide changes for the LDAP backend
346 5032 Don't leak padata when looping for krb5_do_preauth_tryagain()
347 5090 krb5_get_init_creds_opt_set_change_password_prompt
348 5115 krb5_rc_io_open_internal on error will call close(-1)
349 5116 minor ldap specific changes in man page
350 5121 keytab code can't match principals with realms not yet determined
351 5123 don't pass null pointer to krb5_do_preauth_tryagain()
352 5124 use KRB5KRB_ERR_GENERIC, not KRB_ERR_GENERIC in preauth2.c
353 5125 Add -clearpolicy to kadmin addprinc usage
354 5152 misc cleanups in admin guide ldap sections
355 5159 don't split HTML output from makeinfo
356 5223 Fix typo in user-guide.texinfo
357 5245 Repair broken links in NetIdMgr Help
358 5260 Deletion of principal fails
359 5265 update ldap/Makefile.in for newer autoconf substitution requirements
360 5271 Document KDC behavior without stash file
361 5279 Document what the kadmind ACL is for
362 5301 MITKRB5-SA-2006-002: svctcp_destroy() can call uninitialized function pointer
363 5302 MITKRB5-SA-2006-003: mechglue argument handling too lax
365 Copyright and Other Legal Notices
366 ---------------------------------
368 Copyright (C) 1985-2007 by the Massachusetts Institute of Technology.
372 Export of this software from the United States of America may require
373 a specific license from the United States Government. It is the
374 responsibility of any person or organization contemplating export to
375 obtain such a license before exporting.
377 WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
378 distribute this software and its documentation for any purpose and
379 without fee is hereby granted, provided that the above copyright
380 notice appear in all copies and that both that copyright notice and
381 this permission notice appear in supporting documentation, and that
382 the name of M.I.T. not be used in advertising or publicity pertaining
383 to distribution of the software without specific, written prior
384 permission. Furthermore if you modify this software you must label
385 your software as modified software and not distribute it in such a
386 fashion that it might be confused with the original MIT software.
387 M.I.T. makes no representations about the suitability of this software
388 for any purpose. It is provided "as is" without express or implied
391 THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
392 IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
393 WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
395 Individual source code files are copyright MIT, Cygnus Support,
396 Novell, OpenVision Technologies, Oracle, Red Hat, Sun Microsystems,
397 FundsXpress, and others.
399 Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
400 and Zephyr are trademarks of the Massachusetts Institute of Technology
401 (MIT). No commercial use of these trademarks may be made without
402 prior written permission of MIT.
404 "Commercial use" means use of a name in a product or other for-profit
405 manner. It does NOT prevent a commercial firm from referring to the
406 MIT trademarks in order to convey information (although in doing so,
407 recognition of their trademark status should be given).
411 Portions of src/lib/crypto have the following copyright:
413 Copyright (C) 1998 by the FundsXpress, INC.
417 Export of this software from the United States of America may require
418 a specific license from the United States Government. It is the
419 responsibility of any person or organization contemplating export to
420 obtain such a license before exporting.
422 WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
423 distribute this software and its documentation for any purpose and
424 without fee is hereby granted, provided that the above copyright
425 notice appear in all copies and that both that copyright notice and
426 this permission notice appear in supporting documentation, and that
427 the name of FundsXpress. not be used in advertising or publicity pertaining
428 to distribution of the software without specific, written prior
429 permission. FundsXpress makes no representations about the suitability of
430 this software for any purpose. It is provided "as is" without express
433 THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
434 IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
435 WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
440 The following copyright and permission notice applies to the
441 OpenVision Kerberos Administration system located in kadmin/create,
442 kadmin/dbutil, kadmin/passwd, kadmin/server, lib/kadm5, and portions
445 Copyright, OpenVision Technologies, Inc., 1996, All Rights Reserved
447 WARNING: Retrieving the OpenVision Kerberos Administration system
448 source code, as described below, indicates your acceptance of the
449 following terms. If you do not agree to the following terms, do not
450 retrieve the OpenVision Kerberos administration system.
452 You may freely use and distribute the Source Code and Object Code
453 compiled from it, with or without modification, but this Source
454 Code is provided to you "AS IS" EXCLUSIVE OF ANY WARRANTY,
455 INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY OR
456 FITNESS FOR A PARTICULAR PURPOSE, OR ANY OTHER WARRANTY, WHETHER
457 EXPRESS OR IMPLIED. IN NO EVENT WILL OPENVISION HAVE ANY LIABILITY
458 FOR ANY LOST PROFITS, LOSS OF DATA OR COSTS OF PROCUREMENT OF
459 SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR
460 CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, INCLUDING,
461 WITHOUT LIMITATION, THOSE RESULTING FROM THE USE OF THE SOURCE
462 CODE, OR THE FAILURE OF THE SOURCE CODE TO PERFORM, OR FOR ANY
465 OpenVision retains all copyrights in the donated Source Code. OpenVision
466 also retains copyright to derivative works of the Source Code, whether
467 created by OpenVision or by a third party. The OpenVision copyright
468 notice must be preserved if derivative works are made based on the
471 OpenVision Technologies, Inc. has donated this Kerberos
472 Administration system to MIT for inclusion in the standard
473 Kerberos 5 distribution. This donation underscores our
474 commitment to continuing Kerberos technology development
475 and our gratitude for the valuable work which has been
476 performed by MIT and the Kerberos community.
480 Portions contributed by Matt Crawford <crawdad@fnal.gov> were
481 work performed at Fermi National Accelerator Laboratory, which is
482 operated by Universities Research Association, Inc., under
483 contract DE-AC02-76CHO3000 with the U.S. Department of Energy.
487 The implementation of the Yarrow pseudo-random number generator in
488 src/lib/crypto/yarrow has the following copyright:
490 Copyright 2000 by Zero-Knowledge Systems, Inc.
492 Permission to use, copy, modify, distribute, and sell this software
493 and its documentation for any purpose is hereby granted without fee,
494 provided that the above copyright notice appear in all copies and that
495 both that copyright notice and this permission notice appear in
496 supporting documentation, and that the name of Zero-Knowledge Systems,
497 Inc. not be used in advertising or publicity pertaining to
498 distribution of the software without specific, written prior
499 permission. Zero-Knowledge Systems, Inc. makes no representations
500 about the suitability of this software for any purpose. It is
501 provided "as is" without express or implied warranty.
503 ZERO-KNOWLEDGE SYSTEMS, INC. DISCLAIMS ALL WARRANTIES WITH REGARD TO
504 THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
505 FITNESS, IN NO EVENT SHALL ZERO-KNOWLEDGE SYSTEMS, INC. BE LIABLE FOR
506 ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
507 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
508 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTUOUS ACTION, ARISING OUT
509 OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
513 The implementation of the AES encryption algorithm in
514 src/lib/crypto/aes has the following copyright:
516 Copyright (c) 2001, Dr Brian Gladman <brg@gladman.uk.net>, Worcester, UK.
521 The free distribution and use of this software in both source and binary
522 form is allowed (with or without changes) provided that:
524 1. distributions of this source code include the above copyright
525 notice, this list of conditions and the following disclaimer;
527 2. distributions in binary form include the above copyright
528 notice, this list of conditions and the following disclaimer
529 in the documentation and/or other associated materials;
531 3. the copyright holder's name is not used to endorse products
532 built using this software without specific written permission.
536 This software is provided 'as is' with no explcit or implied warranties
537 in respect of any properties, including, but not limited to, correctness
538 and fitness for purpose.
542 Portions contributed by Red Hat, including the pre-authentication
543 plug-ins framework, contain the following copyright:
545 Copyright (c) 2006 Red Hat, Inc.
546 Portions copyright (c) 2006 Massachusetts Institute of Technology
549 Redistribution and use in source and binary forms, with or without
550 modification, are permitted provided that the following conditions
553 * Redistributions of source code must retain the above copyright
554 notice, this list of conditions and the following disclaimer.
556 * Redistributions in binary form must reproduce the above
557 copyright notice, this list of conditions and the following
558 disclaimer in the documentation and/or other materials provided
559 with the distribution.
561 * Neither the name of Red Hat, Inc., nor the names of its
562 contributors may be used to endorse or promote products derived
563 from this software without specific prior written permission.
565 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
566 IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
567 TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
568 PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
569 OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
570 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
571 PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
572 PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
573 LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
574 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
575 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
579 The implementations of GSSAPI mechglue in GSSAPI-SPNEGO in
580 src/lib/gssapi, including the following files:
582 lib/gssapi/generic/gssapi_err_generic.et
583 lib/gssapi/mechglue/g_accept_sec_context.c
584 lib/gssapi/mechglue/g_acquire_cred.c
585 lib/gssapi/mechglue/g_canon_name.c
586 lib/gssapi/mechglue/g_compare_name.c
587 lib/gssapi/mechglue/g_context_time.c
588 lib/gssapi/mechglue/g_delete_sec_context.c
589 lib/gssapi/mechglue/g_dsp_name.c
590 lib/gssapi/mechglue/g_dsp_status.c
591 lib/gssapi/mechglue/g_dup_name.c
592 lib/gssapi/mechglue/g_exp_sec_context.c
593 lib/gssapi/mechglue/g_export_name.c
594 lib/gssapi/mechglue/g_glue.c
595 lib/gssapi/mechglue/g_imp_name.c
596 lib/gssapi/mechglue/g_imp_sec_context.c
597 lib/gssapi/mechglue/g_init_sec_context.c
598 lib/gssapi/mechglue/g_initialize.c
599 lib/gssapi/mechglue/g_inquire_context.c
600 lib/gssapi/mechglue/g_inquire_cred.c
601 lib/gssapi/mechglue/g_inquire_names.c
602 lib/gssapi/mechglue/g_process_context.c
603 lib/gssapi/mechglue/g_rel_buffer.c
604 lib/gssapi/mechglue/g_rel_cred.c
605 lib/gssapi/mechglue/g_rel_name.c
606 lib/gssapi/mechglue/g_rel_oid_set.c
607 lib/gssapi/mechglue/g_seal.c
608 lib/gssapi/mechglue/g_sign.c
609 lib/gssapi/mechglue/g_store_cred.c
610 lib/gssapi/mechglue/g_unseal.c
611 lib/gssapi/mechglue/g_userok.c
612 lib/gssapi/mechglue/g_utils.c
613 lib/gssapi/mechglue/g_verify.c
614 lib/gssapi/mechglue/gssd_pname_to_uid.c
615 lib/gssapi/mechglue/mglueP.h
616 lib/gssapi/mechglue/oid_ops.c
617 lib/gssapi/spnego/gssapiP_spnego.h
618 lib/gssapi/spnego/spnego_mech.c
620 are subject to the following license:
622 Copyright (c) 2004 Sun Microsystems, Inc.
624 Permission is hereby granted, free of charge, to any person obtaining a
625 copy of this software and associated documentation files (the
626 "Software"), to deal in the Software without restriction, including
627 without limitation the rights to use, copy, modify, merge, publish,
628 distribute, sublicense, and/or sell copies of the Software, and to
629 permit persons to whom the Software is furnished to do so, subject to
630 the following conditions:
632 The above copyright notice and this permission notice shall be included
633 in all copies or substantial portions of the Software.
635 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
636 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
637 MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
638 IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
639 CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
640 TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
641 SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
645 MIT Kerberos includes documentation and software developed at the
646 University of California at Berkeley, which includes this copyright
649 Copyright (C) 1983 Regents of the University of California.
652 Redistribution and use in source and binary forms, with or without
653 modification, are permitted provided that the following conditions
656 1. Redistributions of source code must retain the above copyright
657 notice, this list of conditions and the following disclaimer.
659 2. Redistributions in binary form must reproduce the above
660 copyright notice, this list of conditions and the following
661 disclaimer in the documentation and/or other materials provided
662 with the distribution.
664 3. Neither the name of the University nor the names of its
665 contributors may be used to endorse or promote products derived
666 from this software without specific prior written permission.
668 THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS "AS IS" AND
669 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
670 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
671 ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
672 FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
673 DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
674 OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
675 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
676 LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
677 OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
682 Portions contributed by Novell, Inc., including the LDAP database
683 backend, are subject to the following license:
685 Copyright (c) 2004-2005, Novell, Inc.
688 Redistribution and use in source and binary forms, with or without
689 modification, are permitted provided that the following conditions are met:
691 * Redistributions of source code must retain the above copyright notice,
692 this list of conditions and the following disclaimer.
693 * Redistributions in binary form must reproduce the above copyright
694 notice, this list of conditions and the following disclaimer in the
695 documentation and/or other materials provided with the distribution.
696 * The copyright holder's name is not used to endorse or promote products
697 derived from this software without specific prior written permission.
699 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
700 AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
701 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
702 ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
703 LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
704 CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
705 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
706 INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
707 CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
708 ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
709 POSSIBILITY OF SUCH DAMAGE.
714 Thanks to Red Hat for donating the pre-authentication plug-in
717 Thanks to Novell for donating the KDB abstraction layer and the LDAP
720 Thanks to Sun Microsystems for donating their implementations of
723 Thanks to iDefense for notifying us about the vulnerability in
726 Thanks to the members of the Kerberos V5 development team at MIT, both
727 past and present: Danilo Almeida, Jeffrey Altman, Justin Anderson,
728 Richard Basch, Jay Berkenbilt, Mitch Berger, Andrew Boardman, Joe
729 Calzaretta, John Carr, Don Davis, Alexandra Ellwood, Nancy Gilman,
730 Matt Hancher, Sam Hartman, Paul Hill, Marc Horowitz, Eva Jacobus,
731 Miroslav Jurisic, Barry Jaspan, Geoffrey King, Kevin Koch, John Kohl,
732 Peter Litwack, Scott McGuire, Kevin Mitchell, Cliff Neuman, Paul Park,
733 Ezra Peisach, Chris Provenzano, Ken Raeburn, Jon Rochlis, Jeff
734 Schiller, Jen Selby, Brad Thompson, Harry Tsai, Ted Ts'o, Marshall