1 Kerberos Version 5, Release 1.3.5
6 Unpacking the Source Distribution
7 ---------------------------------
9 The source distribution of Kerberos 5 comes in a gzipped tarfile,
10 krb5-1.3.5.tar.gz. Instructions on how to extract the entire
13 If you have the GNU tar program and gzip installed, you can simply do:
15 gtar zxpf krb5-1.3.5.tar.gz
17 If you don't have GNU tar, you will need to get the FSF gzip
18 distribution and use gzcat:
20 gzcat krb5-1.3.5.tar.gz | tar xpf -
22 Both of these methods will extract the sources into krb5-1.3.5/src and
23 the documentation into krb5-1.3.5/doc.
25 Building and Installing Kerberos 5
26 ----------------------------------
28 The first file you should look at is doc/install-guide.ps; it contains
29 the notes for building and installing Kerberos 5. The info file
30 krb5-install.info has the same information in info file format. You
31 can view this using the GNU emacs info-mode, or by using the
32 standalone info file viewer from the Free Software Foundation. This
33 is also available as an HTML file, install.html.
35 Other good files to look at are admin-guide.ps and user-guide.ps,
36 which contain the system administrator's guide, and the user's guide,
37 respectively. They are also available as info files
38 kerberos-admin.info and krb5-user.info, respectively. These files are
39 also available as HTML files.
41 If you are attempting to build under Windows, please see the
42 src/windows/README file.
47 Please report any problems/bugs/comments using the krb5-send-pr
48 program. The krb5-send-pr program will be installed in the sbin
49 directory once you have successfully compiled and installed Kerberos
50 V5 (or if you have installed one of our binary distributions).
52 If you are not able to use krb5-send-pr because you haven't been able
53 compile and install Kerberos V5 on any platform, you may send mail to
56 You may view bug reports by visiting
58 http://krbdev.mit.edu/rt/
60 and logging in as "guest" with password "guest".
62 Major changes in 1.3.5
63 ----------------------
65 * [2682] Fix ftpd hang caused by empty PASS command.
67 * [2686] Fix double-free errors. [MITKRB5-SA-2004-002]
69 * [2687] Fix denial-of-service vulnerability in ASN.1
70 decoder. [MITKRB5-SA-2004-003]
72 Minor changes in 1.3.5
73 ----------------------
75 * [2016] Fix build problem in fake-addrinfo.h by including stdio.h so
76 that sprintf() gets prototyped where needed on some platforms.
78 * [2353] Add missing prototype for gss_krb5int_unseal_token_v3().
80 * [2607] Fix enctype filtering and some memory leaks in MSLSA ccache.
82 * [2608] Remove incorrect localization in MSLSA ccache which was
85 * [2619] Update MSLSA ccache to support new LSA flag.
87 * [2623] Update MSLSA ccache to reflect differences in registry layout
88 between Windows client and server OSes.
90 * [2624] Do not ignore the cache when obtaining TGTs from the MSLSA if
91 the requested enctype is the NULL enctype.
93 * [2626] Add Terminal Server compatibility for KfW.
95 * [2627] Fix cc_mslsa thread safety.
97 * [2634] Remove the caching of the ccache principal name from
100 * [2643] Fix another problem with krb4 ticket backdating.
102 * [2675] Add new WiX-based MSI installer for KfW.
104 * [2677] Add "-c ccache" option to kvno; use consistent memory
105 management to avoid crashes on Windows.
107 * [2689] Misc MSLSA ccache fixes.
109 * [2691] Improve documentation of ANSI C requirement.
111 Major changes in 1.3.4
112 ----------------------
114 * [2024, 2583, 2584] Fixed buffer overflows in
115 krb5_aname_to_localname(). [MITKRB-SA-2004-001]
117 Minor changes in 1.3.4
118 ----------------------
120 * [957] The auth_to_local rules now allow for the client realm to be
123 * [2527, 2528, 2531] Keytab file names lacking a "FILE:" prefix now work
126 * [2533] Updated installer scripts for Windows.
128 * [2534] Fixed memory leak for when an incorrect password is input to
129 krb5_get_init_creds_password().
131 * [2535] Added missing newline to dnssrv.c.
133 * [2551, 2564] Use compile-time checks to determine endianness.
135 * [2558] krb5_send_tgs() now correctly sets message_type after
136 receiving a KRB_ERROR message.
138 * [2561, 2574] Fixed memory allocation errors in the MSLSA ccache.
140 * [2562] The Windows installer works around cases where DLLs cannot be
143 * [2585] Documentation correctly describes AES support in GSSAPI.
145 Major changes in 1.3.3
146 ----------------------
148 * [2284] Fixed accept_sec_context to use a replay cache in the
149 GSS_C_NO_CREDENTIAL case. Reported by Cesar Garcia.
151 * [2426] Fixed a spurious SIGPIPE that happened in the TCP sendto_kdc
152 code on AIX. Thanks to Bill Dodd.
154 * [2430] Fixed a crash in the MSLSA ccache.
156 * [2453] The AES string-to-key function no longer returns a pointer to
157 stack memory when given a password longer than 64 characters.
159 Minor changes in 1.3.3
160 ----------------------
162 * [2277] In sendto_kdc, a socket leak on connection failure was fixed.
165 * [2384] A memory leak in the TCP handling code in the KDC has been
166 fixed. Thanks to Will Fiveash.
168 * [2521] The Windows NSIS installer scripts are in the source tree.
170 * [2522] The MSLSA ccache now supports Windows 9x.
172 Major changes in 1.3.2
173 ----------------------
175 * [2040, 1471, 2067, 2077, 2079, 2166, 2167, 2220, 2266] Support for
176 AES in GSSAPI has been implemented. This corresponds to the
177 in-progress work in the IETF (CFX).
179 * [2049, 2139, 2148, 2153, 2182, 2183, 2184, 2190, 2202] Added a new
180 ccache type "MSLSA:" for read-only access to the MS Windows LSA
183 * [982] On windows, krb5.exe now has a checkbox to request addressless
186 * [2189, 2234] To avoid compatibility problems, unrecognized TGS
187 options will now be ignored. Thanks to Wyllys Ingersoll for finding
188 a problem with a previous fix.
190 * [2218] 128-bit AES has been added to the default enctypes.
192 * [2223, 2229] AES cryptosystem now chains IVs. This WILL break
193 backwards compatibility for the kcmd applications, if they are using
194 AES session keys. Thanks to Wyllys Ingersoll for finding a problem
197 Minor changes in 1.3.2
198 ----------------------
200 * [1437] Applied patch from Stephen Grau so kinit returns non-zero
201 status under certain failure conditions where it had previously
204 * [1586] On Windows, the krb4 CREDENTIALS structure has been changed
205 to align with KfW's version of the structure.
207 * [1613] Applied patch from Dave Shrimpton to avoid truncation of
208 dates output from the kadmin CLI when long time zone names are
211 * [1622] krshd no longer calls syslog from inside a signal handler, in
212 an effort to avoid deadlocks on exit.
214 * [1649] A com_err test program compiles properly on Darwin now.
216 * [1692] A new configuration file tag "master_kdc" has been added to
217 allow master KDCs to be designated separately from admin servers.
219 * [1702] krb5_get_host_realm() and krb5_free_host_realm() are no
220 longer marked as KRB5_PRIVATE.
222 * [1711] Applied patch from Harry McGavran Jr to allow fake-addrinfo.h
223 to compile on libc5 Linux platforms.
225 * [1712] Applied patch from Cesar Garcia to fix lifetime computation
226 in krb524 ticket conversion.
228 * [1714] Fixed a 64-bit endianness bug in ticket starttime encoding in
229 krb524d. Found by Cesar Garcia.
231 * [1715] kadmind4 and v5passwdd are no longer installed on Mac OS X.
233 * [1718] The krb4 library configure script now recognizes
234 OpenDarwin/x86. Bug found by Rob Braun.
236 * [1721] krb5_get_init_creds_password() no longer returns a spurious
237 KRB5_REALM_UNKNOWN if DNS SRV record support is turned off.
239 * [1730] krb_mk_auth() no longer overzealously clears the key
242 * [1731] A double-free related to reading forwarded credentials has
243 been fixed. Found by Joseph Galbraith.
245 * [1770] Applied patch from Maurice Massar to fix a foreachaddr()
246 problem that was causing the KDC to segfault on startup.
248 * [1790] The Linux build uses $(CC) to create shared libraries,
249 avoiding a libgcc problem when building libdb.
251 * [1792] The lib/kadm5 unit tests now work around a Solaris 9
254 * [1793] The test suite works around some Tru64 and Irix RPATH
255 issues, which previously could prevent tests from running on a build
256 with shared libraries enabled.
258 * [1799] kadmind supports callouts to the Apple password server.
260 * [1893] KRB-SAFE messages from older releases can now be read
261 successfully. Prior 1.3.x releases did not save the encoded
262 KRB-SAFE message, and experienced problems when re-encoding. Found
265 * [1962] MS LSA tickets with short remaining lifetimes will be
266 rejected in favor of retrieving tickets bypassing the LSA cache.
268 * [1973] sendto_kdc.c now closes sockets with closesocket() instead of
269 close(), avoiding a descriptor leak on Windows.
271 * [1979] An erroneously short initial sequence number mask has been
274 * [2028] KfW now displays a kinit dialog when GSS fails to find
277 * [2051] Missing exports have been added to krb4_32.def on Windows.
279 * [2058] Some problems with krb4 ticket lifetime backdating have
282 * [2060] GSSAPI's idea of the default ccache is less sticky now.
284 * [2068] The profile library includes prof-int.h before conditionals
287 * [2084] The resolver library is no longer referenced by library code
288 if not building with DNS SRV record support.
290 * [2085] Updated Windows README file to reflect current compilation
293 * [2104] On Windows, only define strcasecmp and strncasecmp
294 replacement macros if said functions are missing.
296 * [2106] Return an error for unimplemented ccache functions, rather
297 than calling through a null pointer.
299 * [2118] Applied patch from Will Fiveash to use correct parameter for
300 KDC TCP listening sockets.
302 * [2144,2230] Memory management errors in the Windows gss.exe test
303 client have been fixed.
305 * [2171] krb5_locate_kpasswd() now correctly calls htons() on the
306 kpasswd port number. Found by Arlene Berry.
308 * [2180] The profile library now includes pthread.h when compiled with
311 * [2181, 2224] A timeout has been added to gss-server, and a missing
312 parameter to sign_server() has been added.
314 * [2196] config.{guess,sub} have been updated from autoconf-2.59.
316 * [2204] Windows gss.exe now has support for specifying credentials
317 cache, as well as some minor bugfixes.
319 * [2210] GSSAPI accept_sec_context() no longer unconditionally sets
320 INTEG and CONF flags in contradiction to what the initiator sent.
322 * [2212] The GSS sample application has some additional options to
323 support testing of SSPI vs GSSAPI.
325 * [2217] Windows gss.exe has new UI elements to support more flag
328 * [2225] In the gss sample client, some extraneous parameters have
329 been removed from client_establish_context().
331 * [2228] Copyright notices updated in GSS sample apps.
333 * [2233] On Windows compiles with KRB5_KFW_COMPILE, the lib path for
334 krbcc32.lib is now correct.
336 * [2195, 2236, 2241, 2245] The Solaris 9 pty-close bug, which was
337 affecting the test suite, has been worked around by hacking
338 scheduler priorities. See the installation notes for details.
339 Thanks to Bill Sommerfeld for some useful hints.
341 * [2258] An incorrect memcpy() statement in fakeka has been fixed.
342 Reported by David Thompson.
344 Notes, Major Changes, and Known Bugs for 1.3.1
345 ----------------------------------------------
347 * [1681] The incorrect encoding of the ETYPE-INFO2 preauthentication
348 hint is no longer emitted, and the both the incorrect and the
349 correct encodings of ETYPE-INFO2 are now accepted. We STRONGLY
350 encourage deploying krb5-1.3.1 in preference to 1.3, especially on
351 client installations, as the 1.3 release did not conform to the
352 internet-draft for the revised Kerberos protocol in its encoding of
355 * [1683] The non-caching getaddrinfo() API on Mac OS X, which was
356 causing significant slowdowns under some circumstances, has been
359 Minor changes in 1.3.1
360 ----------------------
362 * [1015] gss_accept_sec_context() now passes correct arguments to
363 TREAD_STR() when reading options beyond the forwarded credential
364 option. Thanks to Emily Ratliff.
366 * [1365] The GSSAPI initiator credentials are no longer cached inside
369 * [1651] A buffer overflow in krb_get_admhst() has been fixed.
371 * [1655] krb5_get_permitted_enctypes() and krb5_set_real_time() are
372 now exported for use by Samba.
374 * [1656] gss_init_sec_context() no longer leaks credentials under some
377 * [1657] krb_get_lrealm() no longer returns "ATHENA.MIT.EDU"
380 * [1664] The crypto library no longer has bogus dependencies on
383 * [1665] krb5_init_context() no longer multiply registers error tables
384 when called more than once, preventing a memory leak.
386 * [1666] The GSS_C_NT_* symbols are now exported from gssapi32.dll on
389 * [1667] ms2mit now imports any tickets with supported enctypes, and
390 does not import invalid tickets.
392 * [1677] krb5_gss_register_acceptor_identity() no longer has an
393 off-by-one in its memory allocation.
395 * [1679] krb5_principal2salt is now exported on all platforms.
397 * [1684] The file credentials cache is now supported if USE_CCAPI is
398 defined, i.e., for KfM and KfW.
400 * [1691] Documentation for the obsolete kdc_supported_enctypes config
401 variable has been removed.
403 Notes, Major Changes, and Known Bugs for 1.3
404 --------------------------------------------
406 * We now install the compile_et program, so other packages can use the
407 installed com_err library with their own error tables. (If you use
408 our com_err code, that is; see below.)
410 * The header files we install now assume ANSI/ISO C ('89, not '99).
411 We have stopped testing on SunOS 4, even with gcc. Some of our code
412 now has C89-based assumptions, like free(NULL) being well defined,
413 that will probably frustrate any attempts to run this code under SunOS
414 4 or other pre-C89 systems.
416 * Some new code, bug fixes, and cleanup for IPv6 support. Most of the
417 code should support IPv6 transparently now. The RPC code (and
418 therefore the admin system, which is based on it) does not yet
419 support IPv6. The support for Kerberos 4 may work with IPv6 in very
420 limited ways, if the address checking is turned off. The FTP client
421 and server do not have support for the new protocol messages needed
422 for IPv6 support (RFC 2428).
424 * We have upgraded to autoconf 2.52 (or later), and the syntax for
425 specifying certain configuration options have changed. For example,
426 autoconf 2.52 configure scripts let you specify command-line options
427 like "configure CC=/some/path/foo-cc", so we have removed some of
428 our old options like --with-cc in favor of this approach.
430 * The client libraries can now use TCP to connect to the KDC. This
431 may be necessary when talking to Microsoft KDCs (domain controllers),
432 if they issue you tickets with lots of PAC data.
434 * If you have versions of the com_err or ss installed locally, you can
435 use the --with-system-et and --with-system-ss configure options to
436 use them rather than using the versions supplied here. Note that
437 the interfaces are assumed to be similar to those we supply; in
438 particular, some older, divergent versions of the com_err library
439 may not work with the krb5 sources. Many configure-time variables
440 can be used to help the compiler and linker find the installed
441 packages; see the build documentation for details.
443 * The AES cryptosystem has been implemented. However, support in the
444 Kerberos GSSAPI mechanism has not been written (or even fully
445 specified), so it's not fully enabled. See the documentation for
448 Major changes listed by ticket ID
449 ---------------------------------
451 * [492] PRNG breakage on 64-bit platforms no longer an issue due to
452 new PRNG implementation.
454 * [523] Client library is now compatible with the RC4-based
455 cryptosystem used by Windows 2000.
457 * [709] krb4 long lifetime support has been implemented.
459 * [880] krb5_gss_register_acceptor_identity() implemented (is called
460 gsskrb5_register_acceptor_identity() by Heimdal).
462 * [1087] ftpd no longer requires channel bindings, allowing easier use
463 of ftp from behind a NAT.
465 * [1156, 1209] It is now possible to use the system com_err to build
468 * [1174] TCP support added to client library.
470 * [1175] TCP support added to the KDC, but is disabled by default.
472 * [1176] autoconf-2.5x is now required by the build system.
474 * [1184] It is now possible to use the system Berkeley/Sleepycat DB
475 library to build this release.
477 * [1189, 1251] The KfM krb4 library source base has been merged.
479 * [1190] The default KDC master key type is now triple-DES. KDCs
480 being updated may need their config files updated if they are not
481 already specifying the master key type.
483 * [1190] The default ticket lifetime and default maximum renewable
484 ticket lifetime have been extended to one day and one week,
487 * [1191] A new script, k5srvutil, may be used to manipulate keytabs in
488 ways similar to the krb4 ksrvutil utility.
490 * [1281] The "fakeka" program, which emulates the AFS kaserver, has
491 been integrated. Thanks to Ken Hornstein.
493 * [1343] The KDC now defaults to not answering krb4 requests.
495 * [1344] Addressless tickets are requested by default now.
497 * [1372] There is no longer a need to create a special keytab for
498 kadmind. The legacy administration daemons "kadmind4" and
499 "v5passwdd" will still require a keytab, though.
501 * [1377, 1442, 1443] The Microsoft set-password protocol has been
502 implemented. Thanks to Paul Nelson.
504 * [1385, 1395, 1410] The krb4 protocol vulnerabilities
505 [MITKRB5-SA-2003-004] have been worked around. Note that this will
506 disable krb4 cross-realm functionality, as well as krb4 triple-DES
507 functionality. Please see doc/krb4-xrealm.txt for details of the
510 * [1393] The xdrmem integer overflows [MITKRB5-SA-2003-003] have
513 * [1397] The krb5_principal buffer bounds problems
514 [MITKRB5-SA-2003-005] have been fixed. Thanks to Nalin Dahyabhai.
516 * [1415] Subsession key negotiation has been fixed to allow for
517 server-selected subsession keys in the future.
519 * [1418, 1429, 1446, 1484, 1486, 1487, 1535, 1621] The AES
520 cryptosystem has been implemented. It is not usable for GSSAPI,
523 * [1491] The client-side functionality of the krb524 library has been
524 moved into the krb5 library.
526 * [1550] SRV record support exists for Kerberos v4.
528 * [1551] The heuristic for locating the Kerberos v4 KDC by prepending
529 "kerberos." to the realm name if no config file or DNS information
530 is available has been removed.
532 * [1568, 1067] A krb524 stub library is built on Windows.
534 Minor changes listed by ticket ID
535 ---------------------------------
537 * [90] default_principal_flags documented.
539 * [175] Docs refer to appropriate example domains/IPs now.
541 * [299] kadmin no longer complains about missing kdc.conf parameters
542 when it really means krb5.conf parameters.
544 * [318] Run-time load path for tcl is set now when linking test
547 * [443] --includedir honored now.
549 * [479] unused argument in try_krb4() in login.c deleted.
551 * [590] The des_read_pw_string() function in libdes425 has been
552 aligned with the original krb4 and CNS APIs.
554 * [608] login.krb5 handles SIGHUP more sanely now and thus avoids
555 getting the session into a weird state w.r.t. job control.
557 * [620] krb4 encrypted rcp should work a little better now. Thanks to
560 * [647] libtelnet/kerberos5.c no longer uses internal include files.
562 * [673] Weird echoing of admin password in kadmin client worked around
563 by not using buffered stdio calls to read passwords.
565 * [677] The build system has been reworked to allow the user to set
566 CFLAGS, LDFLAGS, CPPFLAGS, etc. reasonably.
568 * [680] Related to [673], rewrite krb5_prompter_posix() to no longer
569 use longjmp(), thus avoiding some bugs relating to non-restoration
570 of terminal settings.
572 * [697] login.krb5 no longer zeroes out the terminal window size.
574 * [710] decomp_ticket() in libkrb4 now looks up the local realm name
575 more correctly. Thanks to Booker Bense.
577 * [771] .rconf files are excluded from the release now.
579 * [772] LOG_AUTHPRIV syslog facility is now usable for logging on
580 systems that support it.
582 * [844] krshd now syslogs using the LOG_AUTH facility.
584 * [850] Berekely DB build is better integrated into the krb5 library
587 * [866] lib/krb5/os/localaddr.c and kdc/network.c use a common source
588 for local address enumeration now.
590 * [882] gss-client now correctly deletes the context on error.
592 * [919] kdc/network.c problems relating to SIOCGIFCONF have been
595 * [922] An overflow in the string-to-time conversion routines has been
598 * [933] krb524d now handles single-DES session keys other than of type
601 * [935] des-cbc-md4 now included in default enctypes.
603 * [939] A minor grammatical error has been fixed in a telnet client
606 * [953] des3 no longer failing on Windows due to SHA1 implementation
609 * [964] kdb_init_hist() no longer fails if master_key_enctype is not
610 in supported_enctypes.
612 * [970] A minor inconsistency in ccache.tex has been fixed.
614 * [971] option parsing bugs rendered irrelevant by removal of unused
617 * [976] make install mentioned in build documentation.
619 * [986] Related to [677], problems with the ordering of LDFLAGS
620 initialization rendered irrelevant by use of native autoconf
623 * [992] Related to [677], quirks with --with-cc no longer relevant as
624 AC_PROG_CC is used instead now.
626 * [999] The kdc_default_options configuration variable is now honored.
627 Thanks to Emily Ratliff.
629 * [1006] Client library, as well as KDC, now perform reasonable
630 sorting of ETYPE-INFO preauthentication data.
632 * [1055] NULL pointer dereferences in code calling
633 krb5_change_password() have been fixed.
635 * [1063] Initial credentials acquisition failures related to client
636 host having a large number of local network interfaces should be
639 * [1064] Incorrect option parsing in the gssapi library is no longer
640 relevant due to removal of the "v2" mechanism.
642 * [1065, 1225] krb5_get_init_creds_password() should properly warn about
645 * [1066] printf() argument mismatches in rpc unit tests fixed.
647 * [1085] The krb5.conf manpage has been re-synchronized with other
650 * [1102] gssapi_generic.h should now work with C++.
652 * [1135] The kadm5 ACL system is better documented.
654 * [1136] Some documentation for the setup of cross-realm
655 authentication has been added.
657 * [1164] krb5_auth_con_gen_addrs() now properly returns errno instead
658 of -1 if getpeername() fails.
660 * [1173] Address-less forwardable tickets will remain address-less
663 * [1178, 1228, 1244, 1246, 1249] Test suite has been stabilized
666 * [1188] As part of the modernization of our usage of autoconf,
667 AC_CONFIG_FILES is now used instead of passing a list of files to
670 * [1194] configure will no longer recurse out of the top of the source
671 tree when attempting to locate the top of the source tree.
673 * [1192] Documentation for the krb5 afs functionality of krb524d has
676 * [1195] Example krb5.conf file modified to include all enctypes
677 supported by the release.
679 * [1202] The KDC no longer rejects unrecognized flags.
681 * [1203] krb5_get_init_creds_keytab() no longer does a double-free.
683 * [1211] The ASN.1 code no longer passes (harmless) uninitialized
686 * [1212] libkadm5 now allows for persistent exclusive database locks.
688 * [1217] krb5_read_password() and des_read_password() are now
689 implemented via krb5_prompter_posix().
691 * [1224] For SAM challenges, omitted optional strings are no longer
692 encoded as zero-length strings.
694 * [1226] Client-side support for SAM hardware-based preauth
697 * [1229] The keytab search logic no longer fails prematurely if an
698 incorrect encryption type is found. Thanks to Wyllys Ingersoll.
700 * [1232] If the master KDC cannot be resolved, but a slave is
701 reachable, the client library now returns the real error from the
702 slave rather than the resolution failure from the master. Thanks to
705 * [1234] Assigned numbers for SAM preauth have been corrected.
706 sam-pk-for-sad implementation has been aligned.
708 * [1237] Profile-sharing optimizations from KfM have been merged.
710 * [1240] Windows calling conventions for krb5int_c_combine_keys() have
713 * [1242] Build system incompatibilities with Debian's chimeric
714 autoconf installation have been worked around.
716 * [1256] Incorrect sizes passed to memset() in combine_keys()
717 operations have been corrected.
719 * [1260] Client credential lookup now gets new service tickets in
720 preference to attempting to use expired ticketes. Thanks to Ben
723 * [1262, 1572] Sequence numbers are now unsigned; negative sequence
724 numbers will be accepted for the purposes of backwards
727 * [1263] A heuristic for matching the incorrectly encoded sequence
728 numbers emitted by Heimdal implementations has been written.
730 * [1284] kshd accepts connections by IPv6 now.
732 * [1292] kvno manpage title fixed.
734 * [1293] Source files no longer explicitly attempt to declare errno.
736 * [1304] kadmind4 no longer leaves sa_flags uninitialized.
738 * [1305] Expired tickets now cause KfM to pop up a password dialog.
740 * [1309] krb5_send_tgs() no longer leaks the storage associated with
743 * [1310] kadm5_get_either() no longer leaks regexp library memory.
745 * [1311] Output from krb5-config no longer contains spurious uses of
748 * [1324] The KDC no longer logs an inappropriate "no matching key"
749 error when an encrypted timestamp preauth password is incorrect.
751 * [1334] The KDC now returns a clockskew error when the timestamp in
752 the encrypted timestamp preauth is out of bounds, rather than just
753 returning a preauthentcation failure.
755 * [1342] gawk is no longer required for building kerbsrc.zip for the
758 * [1346] gss_krb5_ccache_name() no longer attempts to return a pointer
761 * [1351] The filename globbing vulnerability [CERT VU#258721] in the
762 ftp client's handling of filenames beginning with "|" or "-"
763 returned from the "mget" command has been fixed.
765 * [1352] GSS_C_PROT_READY_FLAG is no longer asserted inappropriately
766 during GSSAPI context establishment.
768 * [1356] krb5_gss_accept_sec_context() no longer attempts to validate
769 a null credential if one is passed in.
771 * [1362] The "-a user" option to telnetd now does the right thing.
772 Thanks to Nathan Neulinger.
774 * [1363] ksu no longer inappropriately syslogs to stderr.
776 * [1357] krb__get_srvtab_name() no longer leaks memory.
778 * [1370] GSS_C_NO_CREDENTIAL now accepts any principal in the keytab.
780 * [1373] Handling of SAM preauth no longer attempts to stuff a size_t
781 into an unsigned int.
783 * [1387] BIND versions later than 8 now supported.
785 * [1392] The getaddrinfo() wrapper should work better on AIX.
787 * [1400] If DO_TIME is not set in the auth_context, and no replay
788 cache is available, no replay cache will be used.
790 * [1406, 1108] libdb is no longer installed. If you installed
791 krb5-1.3-alpha1, you should ensure that no spurious libdb is left in
794 * [1412] ETYPE_INFO handling no longer goes into an infinite loop.
796 * [1414] libtelnet is now built using the same library build framework
797 as the rest of the tree.
799 * [1417] A minor memory leak in krb5_read_password() has been fixed.
801 * [1419] A memory leak in asn1_decode_kdc_req_body() has been fixed.
803 * [1435] inet_ntop() is now emulated when needed.
805 * [1439] krb5_free_pwd_sequences() now correctly frees the entire
806 sequence of elements.
808 * [1440] errno is no longer explicitly declared.
810 * [1441] kadmind should now return useful errors if an unrecognized
811 version is received in a changepw request.
813 * [1454, 1480, 1517, 1525] The etype-info2 preauth type is now
816 * [1459] (KfM/KLL internal) config file resolution can now be
817 prevented from accessing the user's homedir.
819 * [1463] Preauth handling in the KDC has been reorganized.
821 * [1470] Double-free in client-side preauth code fixed.
823 * [1473] Ticket forwarding when the TGS and the end service have
824 different enctypes should work somewhat better now.
826 * [1474] ASN.1 testsuite memory management has been cleaned up a
827 little to allow for memory leak checking.
829 * [1476] Documentation updated to reflect default krb4 mode.
831 * [1482] RFC-1964 OIDs now provided using the suggested symbolic
834 * [1483, 1528] KRB5_DEPRECATED is now false by default on all
837 * [1488] The KDC will now return integrity errors if a decryption
838 error is responsible for preauthentication failure.
840 * [1492] The autom4te.cache directories are now deleted from the
843 * [1501] Writable keytabs are registered by default.
845 * [1515] The check for cross-realm TGTs no longer reads past the end
848 * [1518] The kdc_default_options option is now actually honored.
850 * [1519] The changepw protocol implementation in kadmind now logs
853 * [1520] Documentation of OS-specific build options has been updated.
855 * [1536] A missing prototype for krb5_db_iterate_ext() has been
858 * [1537] An incorrect path to kdc.conf show in the kdc.conf manpage
861 * [1540] verify_as_reply() will only check the "renew-till" time
862 against the "till" time if the RENEWABLE is not set in the request.
864 * [1547] gssftpd no longer uses vfork(), as this was causing problems
867 * [1549] SRV records with a value of "." are now interpreted as a lack
868 of support for the protocol.
870 * [1553] The undocumented (and confusing!) kdc_supported_enctypes
871 kdc.conf variable is no longer used.
873 * [1560] Some spurious double-colons in password prompts have been
876 * [1571] The test suite tries a little harder to get a root shell.
878 * [1573] The KfM build process now sets localstatedir=/var/db.
880 * [1576, 1575] The client library no longer requests RENEWABLE_OK if
881 the renew lifetime is greater than the ticket lifetime.
883 * [1587] A more standard autoconf test to locate the C compiler allows
884 for gcc to be found by default without additional configuration
887 * [1593] Replay cache filenames are now escaped with hyphens, not
890 * [1598] MacOS 9 support removed from in-tree com_err.
892 * [1602] Fixed a memory leak in make_ap_req_v1(). Thanks to Kent Wu.
894 * [1604] Fixed a memory leak in krb5_gss_init_sec_context(), and an
895 uninitialized memory reference in kg_unseal_v1(). Thanks to Kent
898 * [1607] kerberos-iv SRV records are now documented.
900 * [1610] Fixed AES credential delegation under GSSAPI.
902 * [1618] ms2mit no longer inserts local addresses into tickets
903 converted from the MS ccache if they began as addressless tickets.
905 * [1619] etype_info parser (once again) accepts extra field emitted by
908 * [1643] Some typos in kdc.conf.M have been fixed.
910 * [1648] For consistency, leading spaces before preprocessor
911 directives in profile.h have been removed.
913 --[ DELETE BEFORE RELEASE ---changes to unreleased code, etc.--- ]--
915 * [1054] KRB-CRED messages for RC4 are encrypted now.
917 * [1177] krb5-1-2-2-branch merged onto trunk.
919 * [1193] Punted comment about reworking key storage architecture.
921 * [1208] install-headers target implemented.
923 * [1223] asn1_decode_oid, asn1_encode_oid implemented
925 * [1248] RC4 is explicitly excluded from combine_keys.
927 * [1276] Generated dependencies handle --without-krb4 properly now.
929 * [1339] An inadvertent change to the krb4 get_adm_hst API (strcpy vs
930 strncpy etc.) has been fixed.
932 * [1384, 1413] Use of autoconf-2.52 in util/reconf will now cause a
935 * [1388] DNS support is turned on in KfM.
937 * [1391] Fix kadmind startup failure with krb4 vuln patch.
939 * [1409] get_ad_tkt() now prompts for password if there are no tickets
942 * [1447] vts_long() and vts_short() work now.
944 * [1462] KfM adds exports of set_pw calls.
946 * [1477] compile_et output not used in err_txt.c.
948 * [1495] KfM now exports string_to_key_with_params.
950 * [1512, 1522] afs_string_to_key now works with etype_info2.
952 * [1514] krb5int_populate_gic_opt returns void now.
954 * [1521] Using an afs3 salt for an AES key no longer causes
957 * [1533] krb524.h no longer contains invalid Mac pragmas.
959 * [1546] krb_mk_req_creds() no longer zeros the session key.
961 * [1554] The krb4 string-to-key iteration now accounts correctly for
962 the decrypt-in-place semantics of libdes425.
964 * [1557] KerberosLoginPrivate.h is now correctly included for the use
965 of __KLAllowHomeDirectoryAccess() in init_os_ctx.c (for KfM).
967 * [1558] KfM exports the new krb524 interface.
969 * [1563] krb__get_srvtaname() no longer returns a pointer that is
970 free()d upon a subsequent call.
972 * [1569] A debug statement has been removed from krb524init.
974 * [1592] Document possible file rename lossage when building against
977 * [1594] Darwin gets an explicit dependency of err_txt.o on
980 * [1596] Calling conventions, etc. tweaked for KfW build of
983 * [1600] Minor tweaks to README to improve notes on IPv6, etc.
985 * [1605] Fixed a leak of subkeys in krb5_rd_rep().
987 * [1630] krb5_get_in_tkt_with_keytab() works now; previously borken by
988 reimplementation in terms of krb5_get_init_creds().
990 * [1642] KfM build now inherits CFLAGS and LDFLAGS from parent project.
992 Copyright Notice and Legal Administrivia
993 ----------------------------------------
995 Copyright (C) 1985-2004 by the Massachusetts Institute of Technology.
999 Export of this software from the United States of America may require
1000 a specific license from the United States Government. It is the
1001 responsibility of any person or organization contemplating export to
1002 obtain such a license before exporting.
1004 WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
1005 distribute this software and its documentation for any purpose and
1006 without fee is hereby granted, provided that the above copyright
1007 notice appear in all copies and that both that copyright notice and
1008 this permission notice appear in supporting documentation, and that
1009 the name of M.I.T. not be used in advertising or publicity pertaining
1010 to distribution of the software without specific, written prior
1011 permission. Furthermore if you modify this software you must label
1012 your software as modified software and not distribute it in such a
1013 fashion that it might be confused with the original MIT software.
1014 M.I.T. makes no representations about the suitability of this software
1015 for any purpose. It is provided "as is" without express or implied
1018 THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
1019 IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
1020 WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
1022 Individual source code files are copyright MIT, Cygnus Support,
1023 OpenVision, Oracle, Sun Soft, FundsXpress, and others.
1025 Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
1026 and Zephyr are trademarks of the Massachusetts Institute of Technology
1027 (MIT). No commercial use of these trademarks may be made without
1028 prior written permission of MIT.
1030 "Commercial use" means use of a name in a product or other for-profit
1031 manner. It does NOT prevent a commercial firm from referring to the
1032 MIT trademarks in order to convey information (although in doing so,
1033 recognition of their trademark status should be given).
1037 The following copyright and permission notice applies to the
1038 OpenVision Kerberos Administration system located in kadmin/create,
1039 kadmin/dbutil, kadmin/passwd, kadmin/server, lib/kadm5, and portions
1042 Copyright, OpenVision Technologies, Inc., 1996, All Rights Reserved
1044 WARNING: Retrieving the OpenVision Kerberos Administration system
1045 source code, as described below, indicates your acceptance of the
1046 following terms. If you do not agree to the following terms, do not
1047 retrieve the OpenVision Kerberos administration system.
1049 You may freely use and distribute the Source Code and Object Code
1050 compiled from it, with or without modification, but this Source
1051 Code is provided to you "AS IS" EXCLUSIVE OF ANY WARRANTY,
1052 INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY OR
1053 FITNESS FOR A PARTICULAR PURPOSE, OR ANY OTHER WARRANTY, WHETHER
1054 EXPRESS OR IMPLIED. IN NO EVENT WILL OPENVISION HAVE ANY LIABILITY
1055 FOR ANY LOST PROFITS, LOSS OF DATA OR COSTS OF PROCUREMENT OF
1056 SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR
1057 CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, INCLUDING,
1058 WITHOUT LIMITATION, THOSE RESULTING FROM THE USE OF THE SOURCE
1059 CODE, OR THE FAILURE OF THE SOURCE CODE TO PERFORM, OR FOR ANY
1062 OpenVision retains all copyrights in the donated Source Code. OpenVision
1063 also retains copyright to derivative works of the Source Code, whether
1064 created by OpenVision or by a third party. The OpenVision copyright
1065 notice must be preserved if derivative works are made based on the
1066 donated Source Code.
1068 OpenVision Technologies, Inc. has donated this Kerberos
1069 Administration system to MIT for inclusion in the standard
1070 Kerberos 5 distribution. This donation underscores our
1071 commitment to continuing Kerberos technology development
1072 and our gratitude for the valuable work which has been
1073 performed by MIT and the Kerberos community.
1077 Portions contributed by Matt Crawford <crawdad@fnal.gov> were
1078 work performed at Fermi National Accelerator Laboratory, which is
1079 operated by Universities Research Association, Inc., under
1080 contract DE-AC02-76CHO3000 with the U.S. Department of Energy.
1082 ---- The implementation of the Yarrow pseudo-random number generator
1083 in src/lib/crypto/yarrow has the following copyright:
1085 Copyright 2000 by Zero-Knowledge Systems, Inc.
1087 Permission to use, copy, modify, distribute, and sell this software
1088 and its documentation for any purpose is hereby granted without fee,
1089 provided that the above copyright notice appear in all copies and that
1090 both that copyright notice and this permission notice appear in
1091 supporting documentation, and that the name of Zero-Knowledge Systems,
1092 Inc. not be used in advertising or publicity pertaining to
1093 distribution of the software without specific, written prior
1094 permission. Zero-Knowledge Systems, Inc. makes no representations
1095 about the suitability of this software for any purpose. It is
1096 provided "as is" without express or implied warranty.
1098 ZERO-KNOWLEDGE SYSTEMS, INC. DISCLAIMS ALL WARRANTIES WITH REGARD TO
1099 THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
1100 FITNESS, IN NO EVENT SHALL ZERO-KNOWLEDGE SYSTEMS, INC. BE LIABLE FOR
1101 ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
1102 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
1103 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTUOUS ACTION, ARISING OUT
1104 OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
1106 ---- The implementation of the AES encryption algorithm in
1107 src/lib/crypto/aes has the following copyright:
1109 Copyright (c) 2001, Dr Brian Gladman <brg@gladman.uk.net>, Worcester, UK.
1110 All rights reserved.
1114 The free distribution and use of this software in both source and binary
1115 form is allowed (with or without changes) provided that:
1117 1. distributions of this source code include the above copyright
1118 notice, this list of conditions and the following disclaimer;
1120 2. distributions in binary form include the above copyright
1121 notice, this list of conditions and the following disclaimer
1122 in the documentation and/or other associated materials;
1124 3. the copyright holder's name is not used to endorse products
1125 built using this software without specific written permission.
1129 This software is provided 'as is' with no explcit or implied warranties
1130 in respect of any properties, including, but not limited to, correctness
1131 and fitness for purpose.
1138 Appreciation Time!!!! There are far too many people to try to thank
1139 them all; many people have contributed to the development of Kerberos
1140 V5. This is only a partial listing....
1142 Thanks to Paul Vixie and the Internet Software Consortium for funding
1143 the work of Barry Jaspan. This funding was invaluable for the OV
1144 administration server integration, as well as the 1.0 release
1145 preparation process.
1147 Thanks to John Linn, Scott Foote, and all of the folks at OpenVision
1148 Technologies, Inc., who donated their administration server for use in
1149 the MIT release of Kerberos.
1151 Thanks to Jeff Bigler, Mark Eichin, Marc Horowitz, Nancy Gilman, Ken
1152 Raeburn, and all of the folks at Cygnus Support, who provided
1153 innumerable bug fixes and portability enhancements to the Kerberos V5
1154 tree. Thanks especially to Jeff Bigler, for the new user and system
1155 administrator's documentation.
1157 Thanks to Doug Engert from ANL for providing many bug fixes, as well
1158 as testing to ensure DCE interoperability.
1160 Thanks to Ken Hornstein at NRL for providing many bug fixes and
1161 suggestions, and for working on SAM preauthentication.
1163 Thanks to Matt Crawford at FNAL for bugfixes and enhancements.
1165 Thanks to Sean Mullan and Bill Sommerfeld from Hewlett Packard for
1166 their many suggestions and bug fixes.
1168 Thanks to Nalin Dahyabhai of RedHat and Chris Evans for locating and
1169 providing patches for numerous buffer overruns.
1171 Thanks to Christopher Thompson and Marcus Watts for discovering the
1174 Thanks to Paul Nelson of Thursby Software Systems for implementing the
1175 Microsoft set password protocol.
1177 Thanks to the members of the Kerberos V5 development team at MIT, both
1178 past and present: Danilo Almeida, Jeffrey Altman, Jay Berkenbilt,
1179 Richard Basch, Mitch Berger, John Carr, Don Davis, Alexandra Ellwood,
1180 Nancy Gilman, Matt Hancher, Sam Hartman, Paul Hill, Marc Horowitz, Eva
1181 Jacobus, Miroslav Jurisic, Barry Jaspan, Geoffrey King, John Kohl,
1182 Peter Litwack, Scott McGuire, Kevin Mitchell, Cliff Neuman, Paul Park,
1183 Ezra Peisach, Chris Provenzano, Ken Raeburn, Jon Rochlis, Jeff
1184 Schiller, Jen Selby, Brad Thompson, Harry Tsai, Ted Ts'o, Marshall