-these were the
- Kerberos Version 5, Release 1.1
+ Kerberos Version 5, Release 1.9
- Release Notes
-which will be updated before the next release by
- The MIT Kerberos Team
+ Release Notes
+ The MIT Kerberos Team
-Unpacking the Source Distribution
----------------------------------
+Copyright and Other Notices
+---------------------------
-The source distribution of Kerberos 5 comes in three gzipped tarfiles,
-krb5-1.1.src.tar.gz, krb5-1.1.doc.tar.gz, and krb5-1.1.crypto.tar.gz.
-The krb5-1.1.doc.tar.gz contains the doc/ directory and this README
-file. The krb5-1.1.src.tar.gz contains the src/ directory and this
-README file, except for the crypto library sources, which are in
-krb5-1.1.crypto.tar.gz.
+Copyright (C) 1985-2011 by the Massachusetts Institute of Technology
+and its contributors. All rights reserved.
-Instruction on how to extract the entire distribution follow. These
-directions assume that you want to extract into a directory called
-DIST.
+Please see the file named NOTICE for additional notices.
-If you have the GNU tar program and gzip installed, you can simply do:
+MIT Kerberos is a project of the MIT Kerberos Consortium. For more
+information about the Kerberos Consortium, see http://kerberos.org/
- mkdir DIST
- cd DIST
- gtar zxpf krb5-1.1.src.tar.gz
- gtar zxpf krb5-1.1.crypto.tar.gz
- gtar zxpf krb5-1.1.doc.tar.gz
+For more information about the MIT Kerberos software, see
+ http://web.mit.edu/kerberos/
-If you don't have GNU tar, you will need to get the FSF gzip
-distribution and use gzcat:
-
- mkdir DIST
- cd DIST
- gzcat krb5-1.1.src.tar.gz | tar xpf -
- gzcat krb5-1.1.crypto.tar.gz | tar xpf -
- gzcat krb5-1.1.doc.tar.gz | tar xpf -
-
-Both of these methods will extract the sources into DIST/krb5-1.1/src
-and the documentation into DIST/krb5-1.1/doc.
+People interested in participating in the MIT Kerberos development
+effort should visit http://k5wiki.kerberos.org/
Building and Installing Kerberos 5
----------------------------------
-The first file you should look at is doc/install.ps; it contains the
-notes for building and installing Kerberos 5. The info file
+The first file you should look at is doc/install-guide.ps; it contains
+the notes for building and installing Kerberos 5. The info file
krb5-install.info has the same information in info file format. You
can view this using the GNU emacs info-mode, or by using the
standalone info file viewer from the Free Software Foundation. This
compile and install Kerberos V5 on any platform, you may send mail to
krb5-bugs@mit.edu.
-Notes, Major Changes, and Known Bugs
-------------------------------------
-
-* Triple DES support is included; however, it is only usable for
- service keys at the moment, due to a large number of compatibility
- issues. For example, the GSSAPI library has some (buggy) support
- for a triple DES session key, but it is intentionally disabled.
- ** Do not use triple-DES in your config files except as described in
- ** the documentation.
-
-* The principal database now uses the btree backend of Berkeley DB.
- This should result in improved KDC performance.
-
-* The lib/rpc tests do not appear to work under NetBSD-1.4, for
- reasons that are not completely clear at the moment, but probably
- have something to do with portmapper interfacing. This should not
- affect other operations, such as kadmind operation.
-
-* Shared library builds are under a new framework; at this point only
- Solaris (2.x), Irix (6.5), NetBSD (1.4 i386), and possibly Linux are
- known to work. All other working shared library builds may be
- figments of your imagination.
-
-* Many existing databases, especially those converted from krb4
- original databases, may contain expiration dates in 1999. You
- should make sure to update these expiration dates, and also change
- any config file entries that have two-digit years.
-
-* Hardware preauthentication is known to be broken; this will be fixed
- in an upcoming release.
-
-* krb524d now defaults to forking into the background; use
- "krb524d -nofork" to avoid forking.
-
-* Not all reported bugs have been fixed in this release, due to time
- constraints. We are planning to make another release in the near
- future with more complete triple DES support, and additional
- bugfixes. Many of the bugs in our database are reported against
- what is now quite old code, or require hardware that we do not have,
- which make them difficult to reproduce and debug. We will work on
- these older bugs and some externally submitted patches for the
- following release.
-
-Copyright Notice and Legal Administrivia
-----------------------------------------
-
-Copyright (C) 1985-1999 by the Massachusetts Institute of Technology.
-
-All rights reserved.
-
-Export of this software from the United States of America may require
-a specific license from the United States Government. It is the
-responsibility of any person or organization contemplating export to
-obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. Furthermore if you modify this software you must label
-your software as modified software and not distribute it in such a
-fashion that it might be confused with the original MIT software.
-M.I.T. makes no representations about the suitability of this software
-for any purpose. It is provided "as is" without express or implied
-warranty.
-
-THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
-IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
-WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-
-Individual source code files are copyright MIT, Cygnus Support,
-OpenVision, Oracle, Sun Soft, FundsXpress, and others.
-
-Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
-and Zephyr are trademarks of the Massachusetts Institute of Technology
-(MIT). No commercial use of these trademarks may be made without
-prior written permission of MIT.
-
-"Commercial use" means use of a name in a product or other for-profit
-manner. It does NOT prevent a commercial firm from referring to the
-MIT trademarks in order to convey information (although in doing so,
-recognition of their trademark status should be given).
-
-The following copyright and permission notice applies to the
-OpenVision Kerberos Administration system located in kadmin/create,
-kadmin/dbutil, kadmin/passwd, kadmin/server, lib/kadm5, and portions
-of lib/rpc:
-
- Copyright, OpenVision Technologies, Inc., 1996, All Rights Reserved
-
- WARNING: Retrieving the OpenVision Kerberos Administration system
- source code, as described below, indicates your acceptance of the
- following terms. If you do not agree to the following terms, do not
- retrieve the OpenVision Kerberos administration system.
-
- You may freely use and distribute the Source Code and Object Code
- compiled from it, with or without modification, but this Source
- Code is provided to you "AS IS" EXCLUSIVE OF ANY WARRANTY,
- INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY OR
- FITNESS FOR A PARTICULAR PURPOSE, OR ANY OTHER WARRANTY, WHETHER
- EXPRESS OR IMPLIED. IN NO EVENT WILL OPENVISION HAVE ANY LIABILITY
- FOR ANY LOST PROFITS, LOSS OF DATA OR COSTS OF PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR
- CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, INCLUDING,
- WITHOUT LIMITATION, THOSE RESULTING FROM THE USE OF THE SOURCE
- CODE, OR THE FAILURE OF THE SOURCE CODE TO PERFORM, OR FOR ANY
- OTHER REASON.
-
- OpenVision retains all copyrights in the donated Source Code. OpenVision
- also retains copyright to derivative works of the Source Code, whether
- created by OpenVision or by a third party. The OpenVision copyright
- notice must be preserved if derivative works are made based on the
- donated Source Code.
-
- OpenVision Technologies, Inc. has donated this Kerberos
- Administration system to MIT for inclusion in the standard
- Kerberos 5 distribution. This donation underscores our
- commitment to continuing Kerberos technology development
- and our gratitude for the valuable work which has been
- performed by MIT and the Kerberos community.
+Please keep in mind that unencrypted e-mail is not secure. If you need
+to report a security vulnerability, or send sensitive information,
+please PGP-encrypt it to krbcore-security@mit.edu.
+
+You may view bug reports by visiting
+
+ http://krbdev.mit.edu/rt/
+
+and logging in as "guest" with password "guest".
+
+DES transition
+--------------
+
+The Data Encryption Standard (DES) is widely recognized as weak. The
+krb5-1.7 release contains measures to encourage sites to migrate away
+from using single-DES cryptosystems. Among these is a configuration
+variable that enables "weak" enctypes, which defaults to "false"
+beginning with krb5-1.8.
+
+Major changes in 1.9.1
+----------------------
+
+This is primarily a bugfix release.
+
+* Fix vulnerabilities:
+ ** kpropd denial of service [MITKRB5-SA-2011-001 CVE-2010-4022]
+ ** KDC denial of service attacks [MITKRB5-SA-2011-002
+ CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]
+ ** KDC double-free when PKINIT enabled [MITKRB5-SA-2011-003
+ CVE-2011-0284]
+ ** kadmind frees invalid pointer [MITKRB5-SA-2011-004 CVE-2011-0285]
+
+* Interoperability:
+
+ ** Don't reject AP-REQ messages if their PAC doesn't validate;
+ suppress the PAC instead.
+
+ ** Correctly validate HMAC-MD5 checksums that use DES keys
+
+krb5-1.9.1 changes by ticket ID
+-------------------------------
+
+6596 [Michael Spang] Bug#561176: krb5-kdc-ldap: krb5kdc leaks file
+ descriptors
+6675 segfault in gss_export_sec_context
+6800 memory leak in kg_new_connection
+6847 Suppress camellia-gen in 1.9 make check
+6849 Fix edge case in LDAP last_admin_unlock processing
+6852 Make gss_krb5_set_allowable_enctypes work for the acceptor
+6856 Fix seg faulting trace log message for use of fallback realm
+6859 kpropd denial of service [MITKRB5-SA-2011-001 CVE-2010-4022]
+6860 KDC denial of service attacks [MITKRB5-SA-2011-002
+ CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]
+6867 Trace logging file descriptor leak
+6869 hmac-md5 checksum doesn't work with DES keys
+6870 Don't reject AP-REQs based on PACs
+6871 "make distclean" leaves an object file behind.
+6875 kdb5_util mkey operations hit assertion when iprop is enabled
+6881 KDC double-free when PKINIT enabled [MITKRB5-SA-2011-003 CVE-2011-0284]
+6899 kadmind frees invalid pointer [MITKRB5-SA-2011-004 CVE-2011-0285]
+
+Major changes in 1.9
+--------------------
+
+Additional background information on these changes may be found at
+
+ http://k5wiki.kerberos.org/wiki/Release_1.9
+
+and
+
+ http://k5wiki.kerberos.org/wiki/Category:Release_1.9_projects
+
+Code quality:
+
+* Fix MITKRB5-SA-2010-007 checksum vulnerabilities (CVE-2010-1324 and
+ others).
+
+* Add a Python-based testing framework.
+
+* Perform DAL cleanup.
+
+Developer experience:
+
+* Add NSS crypto back end.
+
+* Improve PRNG modularity.
+
+* Add a Fortuna-like PRNG back end.
+
+Performance:
+
+* Account lockout performance improvements -- allow disabling of some
+ account lockout functionality to reduce the number of write
+ operations to the database during authentication
+
+* Add support for multiple KDC worker processes.
+
+Administrator experience:
+
+* Add Trace logging support to ease the diagnosis of configuration
+ problems.
+
+* Add support for purging old keys (e.g. from "cpw -randkey -keepold").
+
+* Add plugin interface for password sync -- based on proposed patches
+ by Russ Allbery that support his krb5-sync package
+
+* Add plugin interface for password quality checks -- enables
+ pluggable password quality checks similar to Russ Allbery's
+ krb5-strength package.
+
+* Add a configuration file validator script.
+
+* Add KDC support for SecurID preauthentication -- this is the old
+ SAM-2 protocol, implemented to support existing deployments, not the
+ in-progress FAST-OTP work.
+
+* Add "cheat" capability for kinit when running on a KDC host.
+
+Protocol evolution:
+
+* Add support for IAKERB -- a mechanism for tunneling Kerberos KDC
+ transactions over GSS-API, enabling clients to authenticate to
+ services even when the clients cannot directly reach the KDC that
+ serves the services.
+
+* Add support for Camellia encryption (experimental; disabled by
+ default).
+
+* Add GSS-API support for implementors of the SASL GS2 bridge
+ mechanism.
+
+krb5-1.9 changes by ticket ID
+-----------------------------
+
+1219 mechanism to delete old keys should exist
+2032 No advanced warning of password expiry
+5014 kadmin (and other utilities) should report enctypes as it takes them
+6647 Memory leak in kdc
+6672 Python test framework
+6679 Lazy history key creation
+6684 Simple kinit verbosity patch
+6686 IPv6 support for kprop and kpropd
+6688 mit-krb5-1.7 fails to compile against openssl-1.0.0
+6699 Validate and renew should work on non-TGT creds
+6700 Introduce new krb5_tkt_creds API
+6712 Add IAKERB mechanism and gss_acquire_cred_with_password
+6714 [patch] fix format errors in krb5-1.8.1
+6715 cksum_body exports
+6719 Add lockout-related performance tuning variables
+6720 Negative enctypes improperly read from keytabs
+6723 Negative enctypes improperly read from ccaches
+6733 Make signedpath authdata visible via GSS naming exts
+6736 Add krb5_enctype_to_name() API
+6737 Trace logging
+6746 Make kadmin work over IPv6
+6749 DAL improvements
+6753 Fix XDR decoding of large values in xdr_u_int
+6755 Add GIC option for password/account expiration callback
+6758 Allow krb5_gss_register_acceptor_identity to unset keytab name
+6760 Fail properly when profile can't be accessed
+6761 add profile include support
+6762 key expiration computed incorrectly in libkdb_ldap
+6763 New plugin infrastructure
+6765 Password quality pluggable interface
+6769 clean up memory leak and potential unused variable in crypto tests
+6771 Fix memory leaks in kdb5_verify
+6772 Ensure valid key in krb5int_yarrow_cipher_encrypt_block
+6774 pkinit client cert matching can be disrupted by one of the
+ candidate certs
+6775 pkinit <KU> evaluation during certificate matching may fail
+6776 Typos in src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+6777 Segmentation fault in krb library (sn2princ.c) if realm not resolved
+6778 kdb: store mkey list in context and permit NULL mkey for
+ kdb_dbe_decrypt_key_data
+6779 kinit: add KDB keytab support
+6783 KDC worker processes feature
+6784 relicense Sun RPC to 3-clause BSD-style
+6785 Add gss_krb5_import_cred
+6786 kpasswd: if a credential cache is present, use FAST
+6787 S4U memory leak
+6791 kadm5_hook: new plugin interface
+6792 Implement k5login_directory and k5login_authoritative options
+6793 acquire_init_cred leaks interned name
+6794 krb5.conf manpage missing reference to rdns setting
+6795 Propagate modprinc -unlock from master to slave KDCs
+6796 segfault due to uninitialized variable in S4U
+6799 Performance issue in LDAP policy fetch
+6801 Fix leaks in get_init_creds interface
+6802 copyright notice updates
+6804 Remove KDC replay cache
+6805 securID code fixes
+6806 securID error handling fix
+6807 SecurID build support
+6809 gss_krb5int_make_seal_token_v3_iov fails to set conf_state
+6810 Better libk5crypto NSS fork safety
+6811 Mark Camellia-CCM code as experimental
+6812 krb5_get_credentials should not fail due to inability to store
+ a credential in a cache
+6815 Failed kdb5_util load removes real database
+6819 Handle referral realm in kprop client principal
+6820 Read KDC profile settings in kpropd
+6822 Implement Camellia-CTS-CMAC instead of Camellia-CCM
+6823 getdate.y: declare yyparse
+6824 Export krb5_tkt_creds_get
+6825 Add missing KRB5_CALLCONV in callback declaration
+6826 Fix Windows build
+6827 SA-2010-007 Checksum vulnerabilities (CVE-2010-1324 and others)
+6828 Install kadm5_hook_plugin.h
+6829 Implement restrict_anonymous_to_tgt realm flag
+6838 Regression in renewable handling
+6839 handle MS PACs that lack server checksum
+6840 typo in plugin-related error message
+6841 memory leak in changepw.c
+6842 Ensure time() is prototyped in g_accept_sec_context.c
Acknowledgements
----------------
-Appreciation Time!!!! There are far too many people to try to thank
-them all; many people have contributed to the development of Kerberos
-V5. This is only a partial listing....
-
-Thanks to Paul Vixie and the Internet Software Consortium for funding
-the work of Barry Jaspan. This funding was invaluable for the OV
-administration server integration, as well as the 1.0 release
-preparation process.
-
-Thanks to John Linn, Scott Foote, and all of the folks at OpenVision
-Technologies, Inc., who donated their administration server for use in
-the MIT release of Kerberos.
-
-Thanks to Jeff Bigler, Mark Eichin, Marc Horowitz, Nancy Gilman, Ken
-Raeburn, and all of the folks at Cygnus Support, who provided
-innumerable bug fixes and portability enhancements to the Kerberos V5
-tree. Thanks especially to Jeff Bigler, for the new user and system
-administrator's documentation.
-
-Thanks to Doug Engert from ANL for providing many bug fixes, as well
-as testing to ensure DCE interoperability.
-
-Thanks to Ken Hornstein at NRL for providing many bug fixes and
-suggestions.
-
-Thanks to Sean Mullan and Bill Sommerfeld from Hewlett Packard for
-their many suggestions and bug fixes.
-
-Thanks to the members of the Kerberos V5 development team at MIT, both
-past and present: Danillo Almeida, Jay Berkenbilt, Richard Basch, John
-Carr, Don Davis, Alexandra Ellwood, Nancy Gilman, Matt Hancher, Sam
-Hartman, Paul Hill, Marc Horowitz, Eva Jacobus, Barry Jaspan, Geoffrey
-King, John Kohl, Scott McGuire, Kevin Mitchell, Cliff Neuman, Paul
-Park, Ezra Peisach, Chris Provenzano, Ken Raeburn, Jon Rochlis, Jeff
-Schiller, Brad Thompson, Harry Tsai, Ted Ts'o, Marshall Vale, Tom Yu.
+Past and present Sponsors of the MIT Kerberos Consortium:
+
+ Apple
+ Carnegie Mellon University
+ Centrify Corporation
+ Columbia University
+ Cornell University
+ The Department of Defense of the United States of America (DoD)
+ Google
+ Iowa State University
+ MIT
+ Michigan State University
+ Microsoft
+ The National Aeronautics and Space Administration
+ of the United States of America (NASA)
+ Network Appliance (NetApp)
+ Nippon Telephone and Telegraph (NTT)
+ Oracle
+ Pennsylvania State University
+ Red Hat
+ Stanford University
+ TeamF1, Inc.
+ The University of Alaska
+ The University of Michigan
+ The University of Pennsylvania
+
+Past and present members of the Kerberos Team at MIT:
+
+ Danilo Almeida
+ Jeffrey Altman
+ Justin Anderson
+ Richard Basch
+ Mitch Berger
+ Jay Berkenbilt
+ Andrew Boardman
+ Bill Bryant
+ Steve Buckley
+ Joe Calzaretta
+ John Carr
+ Mark Colan
+ Don Davis
+ Alexandra Ellwood
+ Dan Geer
+ Nancy Gilman
+ Matt Hancher
+ Thomas Hardjono
+ Sam Hartman
+ Paul Hill
+ Marc Horowitz
+ Eva Jacobus
+ Miroslav Jurisic
+ Barry Jaspan
+ Geoffrey King
+ Kevin Koch
+ John Kohl
+ HaoQi Li
+ Peter Litwack
+ Scott McGuire
+ Steve Miller
+ Kevin Mitchell
+ Cliff Neuman
+ Paul Park
+ Ezra Peisach
+ Chris Provenzano
+ Ken Raeburn
+ Jon Rochlis
+ Jeff Schiller
+ Jen Selby
+ Robert Silk
+ Bill Sommerfeld
+ Jennifer Steiner
+ Ralph Swick
+ Brad Thompson
+ Harry Tsai
+ Zhanna Tsitkova
+ Ted Ts'o
+ Marshall Vale
+ Tom Yu
+
+The following external contributors have provided code, patches, bug
+reports, suggestions, and valuable resources:
+
+ Brandon Allbery
+ Russell Allbery
+ Brian Almeida
+ Michael B Allen
+ Derek Atkins
+ David Bantz
+ Alex Baule
+ Arlene Berry
+ Jeff Blaine
+ Radoslav Bodo
+ Emmanuel Bouillon
+ Michael Calmer
+ Julien Chaffraix
+ Ravi Channavajhala
+ Srinivas Cheruku
+ Leonardo Chiquitto
+ Howard Chu
+ Andrea Cirulli
+ Christopher D. Clausen
+ Kevin Coffman
+ Simon Cooper
+ Sylvain Cortes
+ Nalin Dahyabhai
+ Dennis Davis
+ Roland Dowdeswell
+ Jason Edgecombe
+ Mark Eichin
+ Shawn M. Emery
+ Douglas E. Engert
+ Peter Eriksson
+ Ronni Feldt
+ Bill Fellows
+ JC Ferguson
+ William Fiveash
+ Ákos Frohner
+ Marcus Granado
+ Scott Grizzard
+ Helmut Grohne
+ Steve Grubb
+ Philip Guenther
+ Dominic Hargreaves
+ Jakob Haufe
+ Jeff Hodges
+ Love Hörnquist Åstrand
+ Ken Hornstein
+ Henry B. Hotz
+ Luke Howard
+ Jakub Hrozek
+ Shumon Huque
+ Jeffrey Hutzelman
+ Wyllys Ingersoll
+ Holger Isenberg
+ Pavel Jindra
+ Joel Johnson
+ Mikkel Kruse
+ Volker Lendecke
+ Jan iankko Lieskovsky
+ Kevin Longfellow
+ Ryan Lynch
+ Cameron Meadors
+ Franklyn Mendez
+ Markus Moeller
+ Paul Moore
+ Keiichi Mori
+ Zbysek Mraz
+ Edward Murrell
+ Nikos Nikoleris
+ Felipe Ortega
+ Dmitri Pal
+ Javier Palacios
+ Ezra Peisach
+ W. Michael Petullo
+ Mark Phalan
+ Robert Relyea
+ Martin Rex
+ Jason Rogers
+ Mike Roszkowski
+ Guillaume Rousse
+ Tom Shaw
+ Peter Shoults
+ Simo Sorce
+ Michael Spang
+ Michael Ströder
+ Bjørn Tore Sund
+ Rathor Vipin
+ Jorgen Wahlsten
+ Max (Weijun) Wang
+ John Washington
+ Marcus Watts
+ Simon Wilkinson
+ Nicolas Williams
+ Ross Wilper
+ Xu Qiang
+ Hanz van Zijst
+
+The above is not an exhaustive list; many others have contributed in
+various ways to the MIT Kerberos development effort over the years.
+Other acknowledgments (for bug reports and patches) are in the
+doc/CHANGES file.
projects / krb5.git / blobdiff