Copyright and Other Notices
---------------------------
-Copyright (C) 1985-2010 by the Massachusetts Institute of Technology
+Copyright (C) 1985-2011 by the Massachusetts Institute of Technology
and its contributors. All rights reserved.
Please see the file named NOTICE for additional notices.
+MIT Kerberos is a project of the MIT Kerberos Consortium. For more
+information about the Kerberos Consortium, see http://kerberos.org/
+
+For more information about the MIT Kerberos software, see
+ http://web.mit.edu/kerberos/
+
+People interested in participating in the MIT Kerberos development
+effort should visit http://k5wiki.kerberos.org/
+
Building and Installing Kerberos 5
----------------------------------
compile and install Kerberos V5 on any platform, you may send mail to
krb5-bugs@mit.edu.
+Please keep in mind that unencrypted e-mail is not secure. If you need
+to report a security vulnerability, or send sensitive information,
+please PGP-encrypt it to krbcore-security@mit.edu.
+
You may view bug reports by visiting
-http://krbdev.mit.edu/rt/
+ http://krbdev.mit.edu/rt/
and logging in as "guest" with password "guest".
variable that enables "weak" enctypes, which defaults to "false"
beginning with krb5-1.8.
+Major changes in 1.9.1
+----------------------
+
+This is primarily a bugfix release.
+
+* Fix vulnerabilities:
+ ** kpropd denial of service [MITKRB5-SA-2011-001 CVE-2010-4022]
+ ** KDC denial of service attacks [MITKRB5-SA-2011-002
+ CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]
+ ** KDC double-free when PKINIT enabled [MITKRB5-SA-2011-003
+ CVE-2011-0284]
+ ** kadmind frees invalid pointer [MITKRB5-SA-2011-004 CVE-2011-0285]
+
+* Interoperability:
+
+ ** Don't reject AP-REQ messages if their PAC doesn't validate;
+ suppress the PAC instead.
+
+ ** Correctly validate HMAC-MD5 checksums that use DES keys
+
+krb5-1.9.1 changes by ticket ID
+-------------------------------
+
+6596 [Michael Spang] Bug#561176: krb5-kdc-ldap: krb5kdc leaks file
+ descriptors
+6675 segfault in gss_export_sec_context
+6800 memory leak in kg_new_connection
+6847 Suppress camellia-gen in 1.9 make check
+6849 Fix edge case in LDAP last_admin_unlock processing
+6852 Make gss_krb5_set_allowable_enctypes work for the acceptor
+6856 Fix seg faulting trace log message for use of fallback realm
+6859 kpropd denial of service [MITKRB5-SA-2011-001 CVE-2010-4022]
+6860 KDC denial of service attacks [MITKRB5-SA-2011-002
+ CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]
+6867 Trace logging file descriptor leak
+6869 hmac-md5 checksum doesn't work with DES keys
+6870 Don't reject AP-REQs based on PACs
+6871 "make distclean" leaves an object file behind.
+6875 kdb5_util mkey operations hit assertion when iprop is enabled
+6881 KDC double-free when PKINIT enabled [MITKRB5-SA-2011-003 CVE-2011-0284]
+6899 kadmind frees invalid pointer [MITKRB5-SA-2011-004 CVE-2011-0285]
+
Major changes in 1.9
--------------------
+Additional background information on these changes may be found at
+
+ http://k5wiki.kerberos.org/wiki/Release_1.9
+
+and
+
+ http://k5wiki.kerberos.org/wiki/Category:Release_1.9_projects
+
Code quality:
-* Python-based testing framework
-* DAL cleanup
+* Fix MITKRB5-SA-2010-007 checksum vulnerabilities (CVE-2010-1324 and
+ others).
+
+* Add a Python-based testing framework.
+
+* Perform DAL cleanup.
Developer experience:
-* NSS crypto back end
-* PRNG modularity
-* Fortuna-like PRNG
+* Add NSS crypto back end.
+
+* Improve PRNG modularity.
+
+* Add a Fortuna-like PRNG back end.
Performance:
-* Account lockout performance improvements
+* Account lockout performance improvements -- allow disabling of some
+ account lockout functionality to reduce the number of write
+ operations to the database during authentication
+
+* Add support for multiple KDC worker processes.
Administrator experience:
-* Trace logging
-* Plugin interface for password sync
-* Plugin interface for password quality checks
-* Configuration file validator
-* KDC support for SecurID preauthentication
+* Add Trace logging support to ease the diagnosis of configuration
+ problems.
+
+* Add support for purging old keys (e.g. from "cpw -randkey -keepold").
+
+* Add plugin interface for password sync -- based on proposed patches
+ by Russ Allbery that support his krb5-sync package
+
+* Add plugin interface for password quality checks -- enables
+ pluggable password quality checks similar to Russ Allbery's
+ krb5-strength package.
+
+* Add a configuration file validator script.
+
+* Add KDC support for SecurID preauthentication -- this is the old
+ SAM-2 protocol, implemented to support existing deployments, not the
+ in-progress FAST-OTP work.
+
+* Add "cheat" capability for kinit when running on a KDC host.
Protocol evolution:
-* IAKERB
-* Camellia encryption (experimental; disabled by default)
+* Add support for IAKERB -- a mechanism for tunneling Kerberos KDC
+ transactions over GSS-API, enabling clients to authenticate to
+ services even when the clients cannot directly reach the KDC that
+ serves the services.
+
+* Add support for Camellia encryption (experimental; disabled by
+ default).
+
+* Add GSS-API support for implementors of the SASL GS2 bridge
+ mechanism.
krb5-1.9 changes by ticket ID
-----------------------------
+1219 mechanism to delete old keys should exist
2032 No advanced warning of password expiry
5014 kadmin (and other utilities) should report enctypes as it takes them
6647 Memory leak in kdc
6791 kadm5_hook: new plugin interface
6792 Implement k5login_directory and k5login_authoritative options
6793 acquire_init_cred leaks interned name
+6794 krb5.conf manpage missing reference to rdns setting
6795 Propagate modprinc -unlock from master to slave KDCs
6796 segfault due to uninitialized variable in S4U
6799 Performance issue in LDAP policy fetch
6811 Mark Camellia-CCM code as experimental
6812 krb5_get_credentials should not fail due to inability to store
a credential in a cache
+6815 Failed kdb5_util load removes real database
+6819 Handle referral realm in kprop client principal
+6820 Read KDC profile settings in kpropd
+6822 Implement Camellia-CTS-CMAC instead of Camellia-CCM
+6823 getdate.y: declare yyparse
+6824 Export krb5_tkt_creds_get
+6825 Add missing KRB5_CALLCONV in callback declaration
+6826 Fix Windows build
+6827 SA-2010-007 Checksum vulnerabilities (CVE-2010-1324 and others)
+6828 Install kadm5_hook_plugin.h
+6829 Implement restrict_anonymous_to_tgt realm flag
+6838 Regression in renewable handling
+6839 handle MS PACs that lack server checksum
+6840 typo in plugin-related error message
+6841 memory leak in changepw.c
+6842 Ensure time() is prototyped in g_accept_sec_context.c
Acknowledgements
----------------
Radoslav Bodo
Emmanuel Bouillon
Michael Calmer
+ Julien Chaffraix
Ravi Channavajhala
Srinivas Cheruku
Leonardo Chiquitto
Simon Cooper
Sylvain Cortes
Nalin Dahyabhai
+ Dennis Davis
Roland Dowdeswell
Jason Edgecombe
Mark Eichin
Ákos Frohner
Marcus Granado
Scott Grizzard
+ Helmut Grohne
Steve Grubb
Philip Guenther
Dominic Hargreaves
Mikkel Kruse
Volker Lendecke
Jan iankko Lieskovsky
+ Kevin Longfellow
Ryan Lynch
+ Cameron Meadors
Franklyn Mendez
Markus Moeller
Paul Moore
+ Keiichi Mori
Zbysek Mraz
Edward Murrell
Nikos Nikoleris
+ Felipe Ortega
Dmitri Pal
Javier Palacios
Ezra Peisach
Tom Shaw
Peter Shoults
Simo Sorce
+ Michael Spang
Michael Ströder
Bjørn Tore Sund
Rathor Vipin