1 Kerberos Version 5, Release 1.8
6 Copyright and Other Notices
7 ---------------------------
9 Copyright (C) 1985-2011 by the Massachusetts Institute of Technology
10 and its contributors. All rights reserved.
12 Please see the file named NOTICE for additional notices.
14 MIT Kerberos is a project of the MIT Kerberos Consortium. For more
15 information about the Kerberos Consortium, see http://kerberos.org/
17 For more information about the MIT Kerberos software, see
18 http://web.mit.edu/kerberos/
20 People interested in participating in the MIT Kerberos development
21 effort should visit http://k5wiki.kerberos.org/
23 Building and Installing Kerberos 5
24 ----------------------------------
26 The first file you should look at is doc/install-guide.ps; it contains
27 the notes for building and installing Kerberos 5. The info file
28 krb5-install.info has the same information in info file format. You
29 can view this using the GNU emacs info-mode, or by using the
30 standalone info file viewer from the Free Software Foundation. This
31 is also available as an HTML file, install.html.
33 Other good files to look at are admin-guide.ps and user-guide.ps,
34 which contain the system administrator's guide, and the user's guide,
35 respectively. They are also available as info files
36 kerberos-admin.info and krb5-user.info, respectively. These files are
37 also available as HTML files.
39 If you are attempting to build under Windows, please see the
40 src/windows/README file.
45 Please report any problems/bugs/comments using the krb5-send-pr
46 program. The krb5-send-pr program will be installed in the sbin
47 directory once you have successfully compiled and installed Kerberos
48 V5 (or if you have installed one of our binary distributions).
50 If you are not able to use krb5-send-pr because you haven't been able
51 compile and install Kerberos V5 on any platform, you may send mail to
54 Please keep in mind that unencrypted e-mail is not secure. If you need
55 to report a security vulnerability, or send sensitive information,
56 please PGP-encrypt it to krbcore-security@mit.edu.
58 You may view bug reports by visiting
60 http://krbdev.mit.edu/rt/
62 and logging in as "guest" with password "guest".
67 The krb5-1.8 release disables single-DES cryptosystems by default. As
68 a result, you may need to add the libdefaults setting
69 "allow_weak_crypto = true" to communicate with existing Kerberos
70 infrastructures if they do not support stronger ciphers.
72 The Data Encryption Standard (DES) is widely recognized as weak. The
73 krb5-1.7 release contains measures to encourage sites to migrate away
74 from using single-DES cryptosystems. Among these is a configuration
75 variable that enables "weak" enctypes, which now defaults to "false"
76 beginning with krb5-1.8. The krb5-1.8 release includes additional
77 measures to ease the transition away from single-DES. These
78 additional measures include:
80 * enctype config enhancements (so you can do "DEFAULT +des", etc.)
81 * new API to allow applications (e.g. AFS) to explicitly reenable weak
83 * easier kadmin history key changes
85 Major changes in 1.8.4
86 ----------------------
88 This is primarily a bugfix release.
90 * Fix vulnerabilities:
91 ** KDC uninitialized pointer crash [MITKRB5-SA-2010-006 CVE-2010-1322]
92 ** kpropd denial of service [MITKRB5-SA-2011-001 CVE-2010-4022]
93 ** KDC denial of service attacks [MITKRB5-SA-2011-002
94 CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]
95 ** KDC double-free when PKINIT enabled [MITKRB5-SA-2011-003
97 ** kadmind frees invalid pointer [MITKRB5-SA-2011-004 CVE-2011-0285]
101 ** Correctly encrypt GSSAPI forwarded credentials using the session
104 ** Set NT-SRV-INST on TGS principal names as expected by some
105 Windows Server Domain Controllers.
107 ** Don't reject AP-REQ messages if their PAC doesn't validate;
108 suppress the PAC instead.
110 ** Correctly validate HMAC-MD5 checksums that use DES keys
112 krb5-1.8.4 changes by ticket ID
113 -------------------------------
115 6701 syntax error in src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif
116 6764 has_mandatory_for_kdc_authdata checks only first authdata element
117 6768 GSSAPI forwarded credentials must be encrypted in session key
118 6790 skip invalid enctypes instead of erroring out in
119 krb5_dbe_def_search_enctype
120 6797 CVE-2010-1322 KDC uninitialized pointer crash in authorization
121 data handling (MITKRB5-SA-2010-006)
122 6798 set NT-SRV-INST on TGS principal names
123 6833 SA-2010-007 Checksum vulnerabilities (CVE-2010-1324 and others)
124 6843 handle MS PACs that lack server checksum
125 6853 Make gss_krb5_set_allowable_enctypes work for the acceptor (1.8 pullup)
126 6861 kpropd denial of service [MITKRB5-SA-2011-001 CVE-2010-4022]
127 6862 KDC denial of service attacks [MITKRB5-SA-2011-002
128 CVE-2011-0281 CVE-2011-0282]
129 6876 hmac-md5 checksum doesn't work with DES keys
130 6877 Don't reject AP-REQs based on PACs
131 6882 KDC double-free when PKINIT enabled [MITKRB5-SA-2011-003 CVE-2011-0284]
132 6900 kadmind frees invalid pointer [MITKRB5-SA-2011-004 CVE-2011-0285]
134 Major changes in 1.8.3
135 ----------------------
139 GSS-API context expiration -- the gss_wrap and gss_unwrap
140 functions no longer check for ticket expiration. Applications
141 wishing to enforce ticket lifetimes should check using the
142 gss_inquire_context function. The previous behavior of checking
143 for ticket expiration produced results that were not expected by
144 application developers, and could lead to poor user experience.
146 * Fix an interoperability issue when the Microsoft HMAC-MD5 checksum
147 type was used with non-RC4 keys.
149 * Fix an interoperability issue with ephemeral Diffie-Hellman key
150 exchange in PKINIT that would happen for less than 1% of
153 krb5-1.8.3 changes by ticket ID
154 -------------------------------
156 6345 no kdb5_util stash equivalent with LDAP database
157 6738 PKINIT DH exchange occasionally produces mismatch
158 6739 Behavior change: gssapi context expiration
159 6740 kadmin ktadd may display wrong name of default keytab
160 6744 only test t_locate_kdc if known-good DNS name is present
161 6745 Add correct error table when initializing gss-krb5
162 6750 krb5kdc doesn't parse the -P command-line option correctly
163 6751 Allow Microsoft HMAC-MD5 checksum types to use non-RC4 keys
165 Major changes in 1.8.2
166 ----------------------
168 This is primarily a bugfix release.
170 * Fix vulnerabilities:
171 ** CVE-2010-1320 KDC double free caused by ticket renewal
172 (MITKRB5-SA-2010-004)
173 ** CVE-2010-1321 GSS-API lib null pointer deref (MITKRB5-SA-2010-005)
175 * Allow numeric IPv6 addresses for configuring KDC locations.
177 krb5-1.8.2 changes by ticket ID
178 -------------------------------
180 6562 kinit not working if kdc is configured with numerical IPv6 address
181 6696 gss_accept_sec_context doesn't produce error tokens
182 6697 segfault caused by dlerror returning NULL
183 6698 kproplog displays incorrect iprop timestamps on 64-bit platforms
184 6702 CVE-2010-1320 KDC double free caused by ticket renewal
185 (MITKRB5-SA-2010-004)
186 6711 memory leak in process_tgs_req in r23724
187 6718 Make KADM5_FAIL_AUTH_COUNT_INCREMENT more robust with LDAP
188 6722 Error handling bug in krb5_init_creds_init()
189 6725 CVE-2010-1321 GSS-API lib null pointer deref (MITKRB5-SA-2010-005)
190 6726 SPNEGO doesn't interoperate with Windows 2000
191 6730 kdc_tcp_ports not documented in kdc.conf.M
192 6734 FAST negotiation could erroneously succeed
194 Major changes in 1.8.1
195 ----------------------
197 This is primarily a bugfix release.
199 * MITKRB5-SA-2010-002 CVE-2010-0628 denial of service in SPNEGO
201 * Support IPv6 in kpasswd client.
203 * Fix an authorization data type number assignment that conflicted
204 with an undocumented Microsoft usage.
206 krb5-1.8.1 changes by ticket ID
207 -------------------------------
209 6661 [RFE] properly support IPv6 in kpasswd
210 6668 Two problems in kadm5_get_principal mask handling
211 6674 memory leak in SPNEGO
212 6676 Ignore improperly encoded signedpath AD elements
213 6678 use of freed memory in gss_import_sec_context error path
214 6680 the "ticket_lifetime" setting isn't documented
215 6681 krb5_get_init_creds_password() can crash with NULL options and
217 6683 kpasswd doesn't guess the client principal name correctly
219 6685 handle NT_SRV_INST in service principal referrals
220 6687 Change KRB5_AUTHDATA_SIGNTICKET from 142 to 512
221 6689 krb5_typed_data not castable to krb5_pa_data on 64-bit MacOSX
222 6690 MITKRB5-SA-2010-002 CVE-2010-0628 denial of service in SPNEGO
223 6693 Fix backwards flag output in krb5_init_creds_step()
228 The krb5-1.8 release contains a large number of changes, featuring
229 improvements in the following broad areas:
232 * Developer experience
234 * End-user experience
235 * Administrator experience
240 * Move toward test-driven development -- new features have test code,
241 or at least written testing procedures.
243 * Remove applications to a separate distribution to simplify
244 independent maintenance.
246 * Increase conformance to coding style
248 + "The great reindent"
250 + Selective refactoring
252 Developer experience:
254 * Crypto modularity -- vendors can more easily substitute their own
255 crypto implementations, which might be hardware-accelerated or
256 validated to FIPS 140, for the builtin crypto implementation that
257 has historically shipped as part of MIT Kerberos. Currently, only
258 an OpenSSL provider is included, but others are planned for the
261 * Move toward improved KDB interface
263 * Improved API for verifying and interrogating authorization data
267 * Investigate and remedy repeatedly-reported performance bottlenecks.
269 * Encryption performance -- new crypto API with opaque key structures,
270 to allow for optimizations such as caching of derived keys
274 * Reduce DNS dependence by implementing an interface that allows
275 client library to track whether a KDC supports service principal
278 Administrator experience:
280 * Disable DES by default -- this reduces security exposure from using
281 an increasingly insecure cipher.
283 * More versatile crypto configuration, to simplify migration away from
284 DES -- new configuration syntax to allow inclusion and exclusion of
285 specific algorithms relative to a default set.
287 * Account lockout for repeated login failures -- mitigates online
288 password guessing attacks, and helps with some enterprise regulatory
291 * Bridge layer to allow Heimdal HDB modules to act as KDB backend
292 modules. This provides a migration path from a Heimdal to an MIT
297 * FAST enhancements -- preauthentication framework enhancements to
298 allow a client to securely negotiate the use of FAST with a KDC of
299 unknown capabilities.
301 * Microsoft Services for User (S4U) compatibility: S4U2Self, also
302 known as "protocol transition", allows for service to ask a KDC for
303 a ticket to themselves on behalf of a client authenticated via a
304 different means; S4U2Proxy allows a service to ask a KDC for a
305 ticket to another service on behalf of a client.
307 * Anonymous PKINIT -- allows the use of public-key cryptography to
308 anonymously authenticate to a realm
310 * Support doing constrained delegation similar to Microsoft's
311 S4U2Proxy without the use of the Windows PAC. This functionality
312 uses a protocol compatible with Heimdal.
314 krb5-1.8 changes by ticket ID
315 -----------------------------
317 5468 delete kadmin v1 support
318 6206 new API for storing extra per-principal data in ccache
319 6434 krb5_cc_resolve() will crash if a null name param is provided
320 6454 Make krb5_mkt_resolve error handling work
321 6510 Restore limited support for static linking
322 6539 Enctype list configuration enhancements
323 6546 KDB should use enctype of stashed master key
324 6547 Modify kadm5 initializers to accept krb5 contexts
325 6563 Implement s4u extensions
326 6564 s4u extensions integration broke test suite...
327 6565 HP-UX IA64 wrong endian
328 6572 Implement GSS naming extensions and authdata verification
329 6576 Implement new APIs to allow improved crypto performance
330 6577 Account lockout for repeated login failures
331 6578 Heimdal DB bridge plugin for KDC back end
332 6580 Constrained delegation without PAC support
333 6582 Memory leak in _kadm5_init_any introduced with ipropd
334 6583 Unbundle applications into separate repository
335 6586 libkrb5 support for non-blocking AS requests
336 6590 allow testing even if name->addr->name mapping doesn't work
337 6591 fix slow behavior on Mac OS X with link-local addresses
338 6592 handle negative enctypes better
339 6593 Remove dependency on /bin/csh in test suite
340 6595 FAST (preauth framework) negotiation
341 6597 Add GSS extensions to store credentials, generate random bits
342 6598 gss_init_sec_context potential segfault
343 6599 memory leak in krb5_rd_req_decrypt_tkt_part
344 6600 gss_inquire_context cannot handle no target name from mechanism
345 6601 gsssspi_set_cred_option cannot handle mech specific option
346 6603 issues with SPNEGO
347 6605 PKINIT client should validate SAN for TGS, not service principal
348 6606 allow testing when offline
349 6607 anonymous PKINIT
350 6616 Fix spelling and hyphen errors in man pages
351 6618 Support optional creation of PID files for krb5kdc and kadmind
352 6620 kdc_supported_enctypes does nothing; eradicate mentions thereof
353 6621 disable weak crypto by default
354 6622 kinit_fast fails if weak enctype is among client principal keys
355 6623 Always treat anonymous as preauth required
356 6624 automated tests for anonymous pkinit
357 6625 yarrow code does not initialize keyblock enctype and uses
359 6626 Restore interoperability with 1.6 addprinc -randkey
360 6627 Set enctype in crypto_tests to prevent memory leaks
361 6628 krb5int_dk_string_to_key fails to set enctype
362 6629 krb5int_derive_key results in cache with uninitialized values
363 6630 krb5int_pbkdf2_hmac_sha1 fails to set enctype on keyblock
364 6632 Simplify and fix FAST check for keyed checksum type
365 6634 Use keyed checksum type for DES FAST
366 6640 Make history key exempt from permitted_enctypes
367 6642 Add test program for decryption of overly short buffers
368 6643 Problem with krb5 libcom_err vs. system libcom_err
369 6644 Change basename of libkadm5 libraries to avoid Heimdal conflict
370 6645 Add krb5_allow_weak_crypto API
371 6648 define MIN() in lib/gssapi/krb5/prf.c
372 6649 Get rid of kdb_ext.h and allow out-of-tree KDB plugins
373 6651 Handle migration from pre-1.7 databases with master key
374 kvno != 1 (1.8 pullup)
375 6652 Make decryption of master key list more robust
376 6653 set_default_enctype_var should filter not reject weak enctypes
377 6654 Fix greet_server build
378 6655 Fix cross-realm handling of AD-SIGNEDPATH
379 6656 krb5int_fast_free_state segfaults if state is null
380 6657 enc_padata can include empty sequence
381 6658 Implement gss_set_neg_mechs
382 6659 Additional memory leaks in kdc
383 6660 Minimal support for updating history key
384 6662 MITKRB5-SA-2010-001 CVE-2010-0283 KDC denial of service
385 6663 update mkrel to deal with changed source layout
386 6665 Fix cipher state chaining in OpenSSL back end
387 6669 doc updates for allow_weak_crypto
392 Past and present Sponsors of the MIT Kerberos Consortium:
395 Carnegie Mellon University
399 The Department of Defense of the United States of America (DoD)
401 Iowa State University
403 Michigan State University
405 The National Aeronautics and Space Administration
406 of the United States of America (NASA)
407 Network Appliance (NetApp)
408 Nippon Telephone and Telegraph (NTT)
410 Pennsylvania State University
414 The University of Alaska
415 The University of Michigan
416 The University of Pennsylvania
418 Past and present members of the Kerberos Team at MIT:
471 The following external contributors have provided code, patches, bug
472 reports, suggestions, and valuable resources:
492 Christopher D. Clausen
517 Love Hörnquist Åstrand
530 Jan iankko Lieskovsky
569 The above is not an exhaustive list; many others have contributed in
570 various ways to the MIT Kerberos development effort over the years.
571 Other acknowledgments (for bug reports and patches) are in the