1 Kerberos Version 5, Release 1.9
6 Copyright and Other Notices
7 ---------------------------
9 Copyright (C) 1985-2010 by the Massachusetts Institute of Technology
10 and its contributors. All rights reserved.
12 Please see the file named NOTICE for additional notices.
14 Building and Installing Kerberos 5
15 ----------------------------------
17 The first file you should look at is doc/install-guide.ps; it contains
18 the notes for building and installing Kerberos 5. The info file
19 krb5-install.info has the same information in info file format. You
20 can view this using the GNU emacs info-mode, or by using the
21 standalone info file viewer from the Free Software Foundation. This
22 is also available as an HTML file, install.html.
24 Other good files to look at are admin-guide.ps and user-guide.ps,
25 which contain the system administrator's guide, and the user's guide,
26 respectively. They are also available as info files
27 kerberos-admin.info and krb5-user.info, respectively. These files are
28 also available as HTML files.
30 If you are attempting to build under Windows, please see the
31 src/windows/README file.
36 Please report any problems/bugs/comments using the krb5-send-pr
37 program. The krb5-send-pr program will be installed in the sbin
38 directory once you have successfully compiled and installed Kerberos
39 V5 (or if you have installed one of our binary distributions).
41 If you are not able to use krb5-send-pr because you haven't been able
42 compile and install Kerberos V5 on any platform, you may send mail to
45 You may view bug reports by visiting
47 http://krbdev.mit.edu/rt/
49 and logging in as "guest" with password "guest".
54 The Data Encryption Standard (DES) is widely recognized as weak. The
55 krb5-1.7 release contains measures to encourage sites to migrate away
56 from using single-DES cryptosystems. Among these is a configuration
57 variable that enables "weak" enctypes, which defaults to "false"
58 beginning with krb5-1.8.
65 * Python-based testing framework
74 * Account lockout performance improvements
76 Administrator experience:
79 * Plugin interface for password sync
80 * Plugin interface for password quality checks
81 * Configuration file validator
82 * KDC support for SecurID preauthentication
87 * Camellia encryption (experimental; disabled by default)
89 krb5-1.9 changes by ticket ID
90 -----------------------------
92 2032 No advanced warning of password expiry
93 5014 kadmin (and other utilities) should report enctypes as it takes them
94 6647 Memory leak in kdc
95 6672 Python test framework
96 6679 Lazy history key creation
97 6684 Simple kinit verbosity patch
98 6686 IPv6 support for kprop and kpropd
99 6688 mit-krb5-1.7 fails to compile against openssl-1.0.0
100 6691 krb524 source code is missing from krb5-1.8 tarball
101 6699 Validate and renew should work on non-TGT creds
102 6700 Introduce new krb5_tkt_creds API
103 6712 Add IAKERB mechanism and gss_acquire_cred_with_password
104 6714 [patch] fix format errors in krb5-1.8.1
105 6715 cksum_body exports
106 6719 Add lockout-related performance tuning variables
107 6720 Negative enctypes improperly read from keytabs
108 6723 Negative enctypes improperly read from ccaches
109 6732 checks for openpty() aren't made using -lutil
110 6733 Make signedpath authdata visible via GSS naming exts
111 6736 Add krb5_enctype_to_name() API
113 6746 Make kadmin work over IPv6
114 6749 DAL improvements
115 6753 Fix XDR decoding of large values in xdr_u_int
116 6755 Add GIC option for password/account expiration callback
117 6756 KDC 1.6/1.7/1.8 Installation
118 6758 Allow krb5_gss_register_acceptor_identity to unset keytab name
119 6760 Fail properly when profile can't be accessed
120 6761 add profile include support
121 6762 key expiration computed incorrectly in libkdb_ldap
122 6763 New plugin infrastructure
123 6765 Password quality pluggable interface
124 6769 clean up memory leak and potential unused variable in crypto tests
125 6771 Fix memory leaks in kdb5_verify
126 6772 Ensure valid key in krb5int_yarrow_cipher_encrypt_block
127 6774 pkinit client cert matching can be disrupted by one of the
129 6775 pkinit <KU> evaluation during certificate matching may fail
130 6776 Typos in src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
131 6777 Segmentation fault in krb library (sn2princ.c) if realm not resolved
132 6778 kdb: store mkey list in context and permit NULL mkey for
133 kdb_dbe_decrypt_key_data
134 6779 kinit: add KDB keytab support
135 6783 KDC worker processes feature
136 6784 relicense Sun RPC to 3-clause BSD-style
137 6785 Add gss_krb5_import_cred
138 6786 kpasswd: if a credential cache is present, use FAST
139 6791 kadm5_hook: new plugin interface
140 6792 Implement k5login_directory and k5login_authoritative options
141 6795 Propagate modprinc -unlock from master to slave KDCs
142 6799 Performance issue in LDAP policy fetch
143 6801 Fix leaks in get_init_creds interface
144 6802 copyright notice updates
149 Past and present Sponsors of the MIT Kerberos Consortium:
152 Carnegie Mellon University
156 The Department of Defense of the United States of America (DoD)
158 Iowa State University
160 Michigan State University
162 The National Aeronautics and Space Administration
163 of the United States of America (NASA)
164 Network Appliance (NetApp)
165 Nippon Telephone and Telegraph (NTT)
167 Pennsylvania State University
171 The University of Alaska
172 The University of Michigan
173 The University of Pennsylvania
175 Past and present members of the Kerberos Team at MIT:
228 The following external contributors have provided code, patches, bug
229 reports, suggestions, and valuable resources:
248 Christopher D. Clausen
271 Love Hörnquist Åstrand
284 Jan iankko Lieskovsky
318 The above is not an exhaustive list; many others have contributed in
319 various ways to the MIT Kerberos development effort over the years.
320 Other acknowledgments (for bug reports and patches) are in the