-Beta test distribution READ-ME file.
------------------------------------
+ Kerberos Version 5, Release 1.8
-THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
-IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
-WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ Release Notes
+ The MIT Kerberos Team
+Copyright and Other Notices
+---------------------------
-Now, with that out of the way, let me point you to a few things:
+Copyright (C) 1985-2010 by the Massachusetts Institute of Technology
+and its contributors. All rights reserved.
-The file doc/HOW_TO_BUILD gives instructions on how to start build
-Kerberos. More complete building and installation instructions can be
-found in the doc/install.texi. (A postscript file is provided for
-your convenience.)
+Please see the file named NOTICE for additional notices.
-The file doc/TREE-GRAPH is a graphical representation of the source
-directory tree you should receive with this distribution.
+MIT Kerberos is a project of the MIT Kerberos Consortium. For more
+information about the Kerberos Consortium, see http://kerberos.org/
-The file doc/SOURCE-TREE describes what's in each directory.
+For more information about the MIT Kerberos software, see
+ http://web.mit.edu/kerberos/
->> <<
->> Please report any problems/bugs/comments to 'krb5-bugs@athena.mit.edu' <<
->> <<
+People interested in participating in the MIT Kerberos development
+effort should see http://k5wiki.kerberos.org/
+Building and Installing Kerberos 5
+----------------------------------
+The first file you should look at is doc/install-guide.ps; it contains
+the notes for building and installing Kerberos 5. The info file
+krb5-install.info has the same information in info file format. You
+can view this using the GNU emacs info-mode, or by using the
+standalone info file viewer from the Free Software Foundation. This
+is also available as an HTML file, install.html.
-Appreciation Time!!!! There are far too many people to try to thank
-them all; many people have contributed to the development of Kerberos
-V5. This is only a partial listing....
+Other good files to look at are admin-guide.ps and user-guide.ps,
+which contain the system administrator's guide, and the user's guide,
+respectively. They are also available as info files
+kerberos-admin.info and krb5-user.info, respectively. These files are
+also available as HTML files.
-Thanks to Mark Eichin at Cygnus for writing the new autoconf
-configuration system, for making the code much more portable, and for
-serving as pre-release testers.
+If you are attempting to build under Windows, please see the
+src/windows/README file.
-Thanks to Marc Horowitz, Barry Jaspan, and Jonathan Kamens (and
-others) at Openvision, Inc. for providing us with an GSS-API library,
-for serving as pre-release testers, and for finding and fixing many
-bugs.
+Reporting Bugs
+--------------
-Thanks to Cybersafe for providing patches to fix bugs with inter-realm
-authentication.
+Please report any problems/bugs/comments using the krb5-send-pr
+program. The krb5-send-pr program will be installed in the sbin
+directory once you have successfully compiled and installed Kerberos
+V5 (or if you have installed one of our binary distributions).
-Thanks to Ari Medivnsky and Cliff Neuman for writing a ksu client.
+If you are not able to use krb5-send-pr because you haven't been able
+compile and install Kerberos V5 on any platform, you may send mail to
+krb5-bugs@mit.edu.
-Thanks to Jim Miller from Suite Software for contributing many detailed
-bug reports, most of them by doing desk checks over the code!
+Please keep in mind that unencrypted e-mail is not secure. If you need
+to report a security vulnerability, or send sensitive information,
+please PGP-encrypt it to krbcore-security@mit.edu.
-Thanks to Prasad Upasani from ISI for porting the Berkeley
-rlogin/rsh/rcp suite and for testing out our distribution on the Sun.
+You may view bug reports by visiting
-Thanks to Glenn Machin and Bill Wrahe from Sandia National Labs for
-contributing the old kadmin server, plus lots of bugfixes.
+ http://krbdev.mit.edu/rt/
-Thanks to Bill Sommerfeld from HP for commenting on early Kerberos
-interface drafts, suggesting improvements in later coding interfaces,
-and finding and fixing many bugs.
+and logging in as "guest" with password "guest".
-Thanks to Paul Borman from Cray for writing the Kerberos v4 to v5 glue
-layer and the Kerberos v5 subroutines for telnet.
+DES transition
+--------------
-Thanks to Dan Bernstein, for providing the replay cache code.
+The Data Encryption Standard (DES) is widely recognized as weak. The
+krb5-1.7 release contains measures to encourage sites to migrate away
+from using single-DES cryptosystems. Among these is a configuration
+variable that enables "weak" enctypes, which now defaults to "false"
+beginning with krb5-1.8. The krb5-1.8 release includes additional
+measures to ease the transition away from single-DES.
-Thanks to the members of the Kerberos V5 development team at MIT, both
-past and present: Jay Berkenbilt, John Carr, Don Davis, Nancy Gilman,
-Barry Jaspan, John Kohl, Cliff Neuman, Paul Park, Chris Provenzano,
-Jon Rochlis, Jeff Schiller, Ted Ts'o, Tom Yu.
+Major changes in 1.8
+--------------------
+The krb5-1.8 release contains a large number of changes, featuring
+improvements in the following broad areas:
-Note:
+* Code quality
+* Developer experience
+* Performance
+* End-user experience
+* Administrator experience
+* Protocol evolution
-Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira, and
-Zephyr are trademarks of the Massachusetts Institute of Technology (MIT). No
-commercial use of these trademarks may be made without prior written
-permission of MIT.
-
-FYI, "commercial use" means use of a name in a product or other for-profit
-manner. It does NOT prevent a commercial firm from referring to the MIT
-trademarks in order to convey information (although in doing so, recognition
-of their trademark status should be given).
+Code quality:
+
+* Move toward test-driven development -- new features have test code,
+ or at least written testing procedures.
+
+* Remove applications to a separate distribution to simplify
+ independent maintenance.
+
+* Increase conformance to coding style
+
+ + "The great reindent"
+
+ + Selective refactoring
+
+Developer experience:
+
+* Crypto modularity -- vendors can more easily substitute their own
+ crypto implementations, which might be hardware-accelerated or
+ validated to FIPS 140, for the builtin crypto implementation that
+ has historically shipped as part of MIT Kerberos. Currently, only
+ an OpenSSL provider is included, but others are planned for the
+ future.
+
+* Move toward improved KDB interface
+
+* Improved API for verifying and interrogating authorization data
+
+Performance:
+
+* Investigate and remedy repeatedly-reported performance bottlenecks.
+
+* Encryption performance -- new crypto API with opaque key structures,
+ to allow for optimizations such as caching of derived keys
+
+End-user experience:
+
+* Reduce DNS dependence by implementing an interface that allows
+ client library to track whether a KDC supports service principal
+ referrals.
+
+Administrator experience:
+
+* Disable DES by default -- this reduces security exposure from using
+ an increasingly insecure cipher.
+
+* More versatile crypto configuration, to simplify migration away from
+ DES -- new configuration syntax to allow inclusion and exclusion of
+ specific algorithms relative to a default set.
+
+* Account lockout for repeated login failures -- mitigates online
+ password guessing attacks, and helps with some enterprise regulatory
+ compliance.
+
+* Bridge layer to allow Heimdal HDB modules to act as KDB backend
+ modules. This provides a migration path from a Heimdal to an MIT
+ KDC.
+
+Protocol evolution:
+
+* FAST enhancements -- preauthentication framework enhancements to
+ allow a client to securely negotiate the use of FAST with a KDC of
+ unknown capabilities.
+
+* Microsoft Services for User (S4U) compatibility: S4U2Self, also
+ known as "protocol transition", allows for service to ask a KDC for
+ a ticket to themselves on behalf of a client authenticated via a
+ different means; S4U2Proxy allows a service to ask a KDC for a
+ ticket to another service on behalf of a client.
+
+* Anonymous PKINIT -- allows the use of public-key cryptography to
+ anonymously authenticate to a realm
+
+* Support doing constrained delegation similar to Microsoft's
+ S4U2Proxy without the use of the Windows PAC. This functionality
+ uses a protocol compatible with Heimdal.
+
+krb5-1.8 changes by ticket ID
+-----------------------------
+
+5468 delete kadmin v1 support
+6206 new API for storing extra per-principal data in ccache
+6434 krb5_cc_resolve() will crash if a null name param is provided
+6454 Make krb5_mkt_resolve error handling work
+6510 Restore limited support for static linking
+6539 Enctype list configuration enhancements
+6546 KDB should use enctype of stashed master key
+6547 Modify kadm5 initializers to accept krb5 contexts
+6563 Implement s4u extensions
+6564 s4u extensions integration broke test suite...
+6565 HP-UX IA64 wrong endian
+6572 Implement GSS naming extensions and authdata verification
+6576 Implement new APIs to allow improved crypto performance
+6577 Account lockout for repeated login failures
+6578 Heimdal DB bridge plugin for KDC back end
+6580 Constrained delegation without PAC support
+6582 Memory leak in _kadm5_init_any introduced with ipropd
+6583 Unbundle applications into separate repository
+6586 libkrb5 support for non-blocking AS requests
+6590 allow testing even if name->addr->name mapping doesn't work
+6591 fix slow behavior on Mac OS X with link-local addresses
+6592 handle negative enctypes better
+6593 Remove dependency on /bin/csh in test suite
+6595 FAST (preauth framework) negotiation
+6597 Add GSS extensions to store credentials, generate random bits
+6598 gss_init_sec_context potential segfault
+6599 memory leak in krb5_rd_req_decrypt_tkt_part
+6600 gss_inquire_context cannot handle no target name from mechanism
+6601 gsssspi_set_cred_option cannot handle mech specific option
+6605 PKINIT client should validate SAN for TGS, not service principal
+6606 allow testing when offline
+6607 anonymous PKINIT
+6616 Fix spelling and hyphen errors in man pages
+6618 Support optional creation of PID files for krb5kdc and kadmind
+6620 kdc_supported_enctypes does nothing; eradicate mentions thereof
+6621 disable weak crypto by default
+6622 kinit_fast fails if weak enctype is among client principal keys
+6623 Always treat anonymous as preauth required
+6624 automated tests for anonymous pkinit
+6625 yarrow code does not initialize keyblock enctype and uses unitialized value
+6626 Restore interoperability with 1.6 addprinc -randkey
+6627 Set enctype in crypto_tests to prevent memory leaks
+6628 krb5int_dk_string_to_key fails to set enctype
+6629 krb5int_derive_key results in cache with uninitialized values
+6630 krb5int_pbkdf2_hmac_sha1 fails to set enctype on keyblock
+6632 Simplify and fix FAST check for keyed checksum type
+6634 Use keyed checksum type for DES FAST
+6640 Make history key exempt from permitted_enctypes
+6642 Add test program for decryption of overly short buffers
+6643 Problem with krb5 libcom_err vs. system libcom_err
+6644 Change basename of libkadm5 libraries to avoid Heimdal conflict
+6645 Add krb5_allow_weak_crypto API
+6648 define MIN() in lib/gssapi/krb5/prf.c
+6649 Get rid of kdb_ext.h and allow out-of-tree KDB plugins
+6651 Handle migration from pre-1.7 databases with master key kvno != 1 (1.8 pullup)
+6652 Make decryption of master key list more robust
+6653 set_default_enctype_var should filter not reject weak enctypes
+6654 Fix greet_server build
+6655 Fix cross-realm handling of AD-SIGNEDPATH
+6656 krb5int_fast_free_state segfaults if state is null
+6657 enc_padata can include empty sequence
+6658 Implement gss_set_neg_mechs
+6660 Minimal support for updating history key
+6662 MITKRB5-SA-2010-001 CVE-2010-0283 KDC denial of service
+6663 update mkrel to deal with changed source layout
+
+Acknowledgements
+----------------
+
+Past and present Sponsors of the MIT Kerberos Consortium:
+
+ Apple
+ Carnegie Mellon University
+ Centrify Corporation
+ Columbia University
+ Cornell University
+ The Department of Defense of the United States of America (DoD)
+ Google
+ Iowa State University
+ MIT
+ Michigan State University
+ Microsoft
+ The National Aeronautics and Space Administration
+ of the United States of America (NASA)
+ Nippon Telephone and Telegraph (NTT)
+ Oracle
+ Pennsylvania State University
+ Red Hat
+ Stanford University
+ TeamF1, Inc.
+ The University of Alaska
+ The University of Michigan
+
+Past and present members of the Kerberos Team at MIT:
+
+ Danilo Almeida
+ Jeffrey Altman
+ Justin Anderson
+ Richard Basch
+ Mitch Berger
+ Jay Berkenbilt
+ Andrew Boardman
+ Bill Bryant
+ Steve Buckley
+ Joe Calzaretta
+ John Carr
+ Mark Colan
+ Don Davis
+ Alexandra Ellwood
+ Dan Geer
+ Nancy Gilman
+ Matt Hancher
+ Thomas Hardjono
+ Sam Hartman
+ Paul Hill
+ Marc Horowitz
+ Eva Jacobus
+ Miroslav Jurisic
+ Barry Jaspan
+ Geoffrey King
+ Kevin Koch
+ John Kohl
+ HaoQi Li
+ Peter Litwack
+ Scott McGuire
+ Steve Miller
+ Kevin Mitchell
+ Cliff Neuman
+ Paul Park
+ Ezra Peisach
+ Chris Provenzano
+ Ken Raeburn
+ Jon Rochlis
+ Jeff Schiller
+ Jen Selby
+ Robert Silk
+ Bill Sommerfeld
+ Jennifer Steiner
+ Ralph Swick
+ Brad Thompson
+ Harry Tsai
+ Zhanna Tsitkova
+ Ted Ts'o
+ Marshall Vale
+ Tom Yu
+
+The following external contributors have provided code, patches, bug
+reports, suggestions, and valuable resources:
+
+ Brandon Allbery
+ Russell Allbery
+ Michael B Allen
+ Derek Atkins
+ David Bantz
+ Alex Baule
+ Arlene Berry
+ Jeff Blaine
+ Radoslav Bodo
+ Emmanuel Bouillon
+ Michael Calmer
+ Ravi Channavajhala
+ Srinivas Cheruku
+ Howard Chu
+ Andrea Cirulli
+ Christopher D. Clausen
+ Kevin Coffman
+ Simon Cooper
+ Sylvain Cortes
+ Nalin Dahyabhai
+ Roland Dowdeswell
+ Jason Edgecombe
+ Mark Eichin
+ Shawn M. Emery
+ Douglas E. Engert
+ Peter Eriksson
+ Ronni Feldt
+ JC Ferguson
+ William Fiveash
+ Ákos Frohner
+ Marcus Granado
+ Scott Grizzard
+ Steve Grubb
+ Philip Guenther
+ Jakob Haufe
+ Jeff Hodges
+ Love Hörnquist Åstrand
+ Ken Hornstein
+ Henry B. Hotz
+ Luke Howard
+ Shumon Huque
+ Jeffrey Hutzelman
+ Wyllys Ingersoll
+ Holger Isenberg
+ Mikkel Kruse
+ Volker Lendecke
+ Ryan Lynch
+ Franklyn Mendez
+ Markus Moeller
+ Paul Moore
+ Edward Murrell
+ Nikos Nikoleris
+ Dmitri Pal
+ Javier Palacios
+ Ezra Peisach
+ W. Michael Petullo
+ Mark Phalan
+ Xu Qiang
+ Robert Relyea
+ Martin Rex
+ Guillaume Rousse
+ Tom Shaw
+ Peter Shoults
+ Simo Sorce
+ Michael Ströder
+ Bjørn Tore Sund
+ Rathor Vipin
+ Jorgen Wahlsten
+ Max (Weijun) Wang
+ John Washington
+ Marcus Watts
+ Simon Wilkinson
+ Nicolas Williams
+ Ross Wilper
+ Hanz van Zijst
+
+The above is not an exhaustive list; many others have contributed in
+various ways to the MIT Kerberos development effort over the years.
+Other acknowledgments (for bug reports and patches) are in the
+doc/CHANGES file.