- Kerberos Version 5, Release 1.5
+ Kerberos Version 5, Release 1.10
- Release Notes
- The MIT Kerberos Team
+ Release Notes
+ The MIT Kerberos Team
-Unpacking the Source Distribution
----------------------------------
+Copyright and Other Notices
+---------------------------
-The source distribution of Kerberos 5 comes in a gzipped tarfile,
-krb5-1.5.tar.gz. Instructions on how to extract the entire
-distribution follow.
+Copyright (C) 1985-2011 by the Massachusetts Institute of Technology
+and its contributors. All rights reserved.
-If you have the GNU tar program and gzip installed, you can simply do:
+Please see the file named NOTICE for additional notices.
- gtar zxpf krb5-1.5.tar.gz
+MIT Kerberos is a project of the MIT Kerberos Consortium. For more
+information about the Kerberos Consortium, see http://kerberos.org/
-If you don't have GNU tar, you will need to get the FSF gzip
-distribution and use gzcat:
+For more information about the MIT Kerberos software, see
+ http://web.mit.edu/kerberos/
- gzcat krb5-1.5.tar.gz | tar xpf -
-
-Both of these methods will extract the sources into krb5-1.5/src and
-the documentation into krb5-1.5/doc.
+People interested in participating in the MIT Kerberos development
+effort should visit http://k5wiki.kerberos.org/
Building and Installing Kerberos 5
----------------------------------
compile and install Kerberos V5 on any platform, you may send mail to
krb5-bugs@mit.edu.
+Please keep in mind that unencrypted e-mail is not secure. If you need
+to report a security vulnerability, or send sensitive information,
+please PGP-encrypt it to krbcore-security@mit.edu.
+
You may view bug reports by visiting
-http://krbdev.mit.edu/rt/
+ http://krbdev.mit.edu/rt/
and logging in as "guest" with password "guest".
-Major changes in 1.5
-----------------------
-
-Merged to the trunk and included in this alpha release:
-
-* plug-in architecture (in-progress)
-
-Not yet merged to the trunk, thus not included in this alpha release:
-
-* LDAP plug-in for KDB
-
-* multi-mechanism GSS-API implementation
-
-* SPNEGO implementation
-
-Minor changes in 1.5
-----------------------
-
-For a list of bugs fixed in krb5-1.5, please consult
-
-http://krbdev.mit.edu/rt/NoAuth/krb5-1.5/fixed-1.5.html
-
-Copyright Notice and Legal Administrivia
-----------------------------------------
-
-Copyright (C) 1985-2006 by the Massachusetts Institute of Technology.
-
-All rights reserved.
-
-Export of this software from the United States of America may require
-a specific license from the United States Government. It is the
-responsibility of any person or organization contemplating export to
-obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. Furthermore if you modify this software you must label
-your software as modified software and not distribute it in such a
-fashion that it might be confused with the original MIT software.
-M.I.T. makes no representations about the suitability of this software
-for any purpose. It is provided "as is" without express or implied
-warranty.
-
-THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
-IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
-WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-
-Individual source code files are copyright MIT, Cygnus Support,
-OpenVision, Oracle, Sun Soft, FundsXpress, and others.
+DES transition
+--------------
-Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
-and Zephyr are trademarks of the Massachusetts Institute of Technology
-(MIT). No commercial use of these trademarks may be made without
-prior written permission of MIT.
+The Data Encryption Standard (DES) is widely recognized as weak. The
+krb5-1.7 release contains measures to encourage sites to migrate away
+from using single-DES cryptosystems. Among these is a configuration
+variable that enables "weak" enctypes, which defaults to "false"
+beginning with krb5-1.8.
-"Commercial use" means use of a name in a product or other for-profit
-manner. It does NOT prevent a commercial firm from referring to the
-MIT trademarks in order to convey information (although in doing so,
-recognition of their trademark status should be given).
+Major changes in 1.10
+---------------------
-----
+Additional background information on these changes may be found at
-The following copyright and permission notice applies to the
-OpenVision Kerberos Administration system located in kadmin/create,
-kadmin/dbutil, kadmin/passwd, kadmin/server, lib/kadm5, and portions
-of lib/rpc:
+ http://k5wiki.kerberos.org/wiki/Release_1.10
- Copyright, OpenVision Technologies, Inc., 1996, All Rights Reserved
+and
- WARNING: Retrieving the OpenVision Kerberos Administration system
- source code, as described below, indicates your acceptance of the
- following terms. If you do not agree to the following terms, do not
- retrieve the OpenVision Kerberos administration system.
+ http://k5wiki.kerberos.org/wiki/Category:Release_1.10_projects
- You may freely use and distribute the Source Code and Object Code
- compiled from it, with or without modification, but this Source
- Code is provided to you "AS IS" EXCLUSIVE OF ANY WARRANTY,
- INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY OR
- FITNESS FOR A PARTICULAR PURPOSE, OR ANY OTHER WARRANTY, WHETHER
- EXPRESS OR IMPLIED. IN NO EVENT WILL OPENVISION HAVE ANY LIABILITY
- FOR ANY LOST PROFITS, LOSS OF DATA OR COSTS OF PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR
- CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, INCLUDING,
- WITHOUT LIMITATION, THOSE RESULTING FROM THE USE OF THE SOURCE
- CODE, OR THE FAILURE OF THE SOURCE CODE TO PERFORM, OR FOR ANY
- OTHER REASON.
+Code quality:
- OpenVision retains all copyrights in the donated Source Code. OpenVision
- also retains copyright to derivative works of the Source Code, whether
- created by OpenVision or by a third party. The OpenVision copyright
- notice must be preserved if derivative works are made based on the
- donated Source Code.
+* Fix MITKRB5-SA-2011-006 and MITKRB5SA-2011-007 KDC denial of service
+ vulnerabilities [CVE-2011-1527 CVE-2011-1528 CVE-2011-1529
+ CVE-2011-1530].
- OpenVision Technologies, Inc. has donated this Kerberos
- Administration system to MIT for inclusion in the standard
- Kerberos 5 distribution. This donation underscores our
- commitment to continuing Kerberos technology development
- and our gratitude for the valuable work which has been
- performed by MIT and the Kerberos community.
+* Update the Fortuna implementation to more accurately implement the
+ description in _Cryptography Engineering_, and make it the default
+ PRNG.
-----
+* Add an alternative PRNG that relies on the OS native PRNG.
- Portions contributed by Matt Crawford <crawdad@fnal.gov> were
- work performed at Fermi National Accelerator Laboratory, which is
- operated by Universities Research Association, Inc., under
- contract DE-AC02-76CHO3000 with the U.S. Department of Energy.
-
----- The implementation of the Yarrow pseudo-random number generator
-in src/lib/crypto/yarrow has the following copyright:
-
-Copyright 2000 by Zero-Knowledge Systems, Inc.
-
-Permission to use, copy, modify, distribute, and sell this software
-and its documentation for any purpose is hereby granted without fee,
-provided that the above copyright notice appear in all copies and that
-both that copyright notice and this permission notice appear in
-supporting documentation, and that the name of Zero-Knowledge Systems,
-Inc. not be used in advertising or publicity pertaining to
-distribution of the software without specific, written prior
-permission. Zero-Knowledge Systems, Inc. makes no representations
-about the suitability of this software for any purpose. It is
-provided "as is" without express or implied warranty.
-
-ZERO-KNOWLEDGE SYSTEMS, INC. DISCLAIMS ALL WARRANTIES WITH REGARD TO
-THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
-FITNESS, IN NO EVENT SHALL ZERO-KNOWLEDGE SYSTEMS, INC. BE LIABLE FOR
-ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTUOUS ACTION, ARISING OUT
-OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
----- The implementation of the AES encryption algorithm in
-src/lib/crypto/aes has the following copyright:
-
- Copyright (c) 2001, Dr Brian Gladman <brg@gladman.uk.net>, Worcester, UK.
- All rights reserved.
-
- LICENSE TERMS
-
- The free distribution and use of this software in both source and binary
- form is allowed (with or without changes) provided that:
-
- 1. distributions of this source code include the above copyright
- notice, this list of conditions and the following disclaimer;
-
- 2. distributions in binary form include the above copyright
- notice, this list of conditions and the following disclaimer
- in the documentation and/or other associated materials;
-
- 3. the copyright holder's name is not used to endorse products
- built using this software without specific written permission.
-
- DISCLAIMER
-
- This software is provided 'as is' with no explcit or implied warranties
- in respect of any properties, including, but not limited to, correctness
- and fitness for purpose.
+Developer experience:
+
+* Add the ability for GSSAPI servers to use any keytab key for a
+ specified service, if the server specifies a host-based name with no
+ hostname component.
+
+* In the build system, identify the source files needed for
+ per-message processing within a kernel and ensure that they remain
+ independent.
+
+* Allow rd_safe and rd_priv to ignore the remote address.
+
+* Rework KDC and kadmind networking code to use an event loop
+ architecture.
+
+* Add a plugin interface for providing configuration information.
+
+Administrator experience:
+
+* Add more complete support for renaming principals.
+
+* Add the profile variable ignore_acceptor_hostname in libdefaults. If
+ set, GSSAPI will ignore the hostname component of acceptor names
+ supplied by the server, allowing any keytab key matching the service
+ to be used.
+
+* Add support for string attributes on principal entries.
+
+* Allow password changes to work over NATs.
+
+End-user experience:
+
+* Add the DIR credential cache type, which can hold a collection of
+ credential caches.
+
+* Enhance kinit, klist, and kdestroy to support credential cache
+ collections if the cache type supports it.
+
+* Add the kswitch command, which changes the selected default cache
+ within a collection.
+
+* Add heuristic support for choosing client credentials based on the
+ service realm.
+
+* Add support for $HOME/.k5identity, which allows credential choice
+ based on configured rules.
+
+* Add support for localization. (No translations are provided in this
+ release, but the infrastructure is present for redistributors to
+ supply them.)
+
+Protocol evolution:
+
+* Make PKINIT work with FAST in the client library.
+
+krb5-1.10 changes by ticket ID
+------------------------------
+
+6118 rename principals
+6323 kadmin: rename support
+6430 Avoid looping when preauth can't be generated
+6617 uninitialized values used in mkey-migration code
+6732 checks for openpty() aren't made using -lutil
+6770 kg_unseal leads to overlap of source and desitination in memcpy...
+6813 memory leak in gss_accept_sec_context
+6814 Improve kdb5_util load locking and recovery
+6816 potential memory leak in spnego
+6817 potential null dereference in gss mechglue
+6835 accept_sec_context RFC4121 support bug in 1.8.3
+6851 pkinit can't parse some valid cms messages
+6854 kadmin's ktremove can remove wrong entries when removing kvno 0
+6855 Improve acceptor name flexibility
+6857 missing ifdefs around IPv6 code
+6858 Assume ELF on FreeBSD if objformat doesn't exist
+6863 memory leak on SPNEGO error path
+6868 Defer hostname lookups in krb5_sendto_kdc
+6872 Fix memory leak in t_expire_warn
+6874 Fortuna as default PRNG
+6878 Add test script for user2user programs
+6887 Use first principal in keytab when verifying creds
+6890 Implement draft-josefsson-gss-capsulate
+6891 Add gss_userok and gss_pname_to_uid
+6892 Prevent bleed-through of mechglue symbols into loaded mechs
+6893 error codes from error responses can be discarded when there's e-data
+6894 More sensical mech selection for gss_acquire_cred/accept_sec_context
+6895 gss_duplicate_name SPI for SPNEGO
+6896 Allow anonymous name to be imported with empty name buffer
+6897 Default principal name in the acceptor cred corresponds to
+ first entry in associated keytab.
+6898 Set correct minor_status value in call to gss_display_status.
+6902 S4U impersonated credential KRB5_CC_NOT_FOUND
+6904 Install k5login(5) as well as .k5login(5)
+6905 support poll() in sendto_kdc.c
+6909 Kernel subset
+6910 Account lockout policy parameters not documented
+6911 Account lockout policy options time format
+6914 krb5-1.9.1 static compile error +preliminary patch (fwd)
+6915 klist -s trips over referral entries
+6918 Localize user interface strings using gettext
+6921 Convert preauth_plugin.h to new plugin framework
+6922 Work around glibc getaddrinfo PTR lookups
+6923 Use AI_ADDRCONFIG for more efficient getaddrinfo
+6924 Fix multiple libkdb_ldap memory leaks
+6927 chpass_util.c improvements
+6928 use timegm() for krb5int_gmt_mktime() when available
+6929 Pluggable configuration
+6931 Add libedit/readline support to ss.
+6933 blocking recv caused our server to hang
+6934 don't require a default realm
+6944 gss_acquire_cred erroneous failure and potential segfault for caller
+6945 spnego_gss_acquire_cred_impersonate_name incorrect usage of
+ impersonator_cred_handle
+6951 assertion failure when connections fail in service_fds()
+6953 Add the DIR ccache type
+6954 Add new cache collection APIs
+6955 Remove unneeded cccol behaviors
+6956 Add ccache collection support to tools
+6957 Add krb5_cc_select() API and pluggable interface
+6958 Make gss-krb5 use cache collection
+6961 Support pkinit: SignedData with no signers (KDC)
+6962 pkinit: client: Use SignedData for anonymous
+6964 Support special salt type in default krb5_dbe_cpw.
+6965 Remove CFLAGS and external deps from krb5-config --libs
+6966 Eliminate domain-based client realm walk
+6968 [PATCH] Man page fixes
+6969 Create e_data as pa_data in KDC interfaces.
+6971 Use type-safe callbacks in preauth interface
+6974 Make krb5_pac_sign public
+6975 Add PKINIT NSS support
+6976 Hide gak_fct interface and arguments in clpreauth
+6977 Install krb5/preauth_plugin.h
+6978 Allow rd_priv/rd_safe without remote address
+6979 Allow password changes over NATs
+6980 Ensure termination in Windows vsnprintf wrapper
+6981 SA-2011-006 KDC denial of service [CVE-2011-1527 CVE-2011-1528 CVE-2011-1529]
+6987 Fix krb5_cc_set_config
+6988 Fix handling of null edata method in KDC preauth
+6989 fix tar invocation in mkrel
+6992 Make krb5_find_authdata public
+6994 Fix intermediate key length in hmac-md5 checksum
+6995 Initialize typed_e_data in as_req_state
+6996 Make krb5_check_clockskew public
+6997 don't build po/ if msgfmt is missing
+6999 compile warnings, mininum version check for pkinit (NSS code paths)
+7000 Exit on error in kadmind kprop child
+7002 verto sshould have a pointer to upstream sources and be in NOTICE
+7003 Fix month/year units in getdate
+7006 Fix format string for TRACE_INIT_CREDS_SERVICE
+7014 Fix com_err.h dependencies in gss-kernel-lib
+7015 Add plugin interface_names entry for ccselect
+7017 Simplify and fix kdcpreauth request_body callback
+7018 Update verto to 0.2.2 release
+7019 Make verto context available to kdcpreauth modules
+7020 reading minor error message doesn't work for the IAKERB mech
+7021 Fix failure interval of 0 in LDAP lockout code
+7023 Clean up client-side preauth error data handling
+7027 FAST PKINIT
+7029 Fix --with-system-verto without pkg-config
+7030 Ldap dependency for parallel builds
+7033 krb5 1.10 KRB5_PADATA_ENC_TIMESTAMP isn't working
+7034 mk_cred: memory management
+7035 krb5_lcc_store() now ignores config credentials
+7036 Fix free ofuninitialized memory in sname_to_princ
+7037 Use LsaDeregisterLogonProcess(), not CloseHandle()
+7038 Added support for loading of Krb5.ini from Windows APPDATA
+7039 Handle TGS referrals to the same realm
+7042 SA-2011-007 KDC null pointer deref in TGS handling [CVE-2011-1530]
+7049 Fix subkey memory leak in krb5_get_credentials
+7050 KfW changes for krb5-1.10
Acknowledgements
----------------
-Thanks to the members of the Kerberos V5 development team at MIT, both
-past and present: Danilo Almeida, Jeffrey Altman, Richard Basch, Jay
-Berkenbilt, Mitch Berger, Andrew Boardman, Joe Calzaretta, John Carr,
-Don Davis, Alexandra Ellwood, Nancy Gilman, Matt Hancher, Sam Hartman,
-Paul Hill, Marc Horowitz, Eva Jacobus, Miroslav Jurisic, Barry Jaspan,
-Geoffrey King, John Kohl, Peter Litwack, Scott McGuire, Kevin
-Mitchell, Cliff Neuman, Paul Park, Ezra Peisach, Chris Provenzano, Ken
-Raeburn, Jon Rochlis, Jeff Schiller, Jen Selby, Brad Thompson, Harry
-Tsai, Ted Ts'o, Marshall Vale, Tom Yu.
+Past and present Sponsors of the MIT Kerberos Consortium:
+
+ Apple
+ Carnegie Mellon University
+ Centrify Corporation
+ Columbia University
+ Cornell University
+ The Department of Defense of the United States of America (DoD)
+ Fidelity Investments
+ Google
+ Iowa State University
+ MIT
+ Michigan State University
+ Microsoft
+ The National Aeronautics and Space Administration
+ of the United States of America (NASA)
+ Network Appliance (NetApp)
+ Nippon Telephone and Telegraph (NTT)
+ Oracle
+ Pennsylvania State University
+ Red Hat
+ Stanford University
+ TeamF1, Inc.
+ The University of Alaska
+ The University of Michigan
+ The University of Pennsylvania
+
+Past and present members of the Kerberos Team at MIT:
+
+ Danilo Almeida
+ Jeffrey Altman
+ Justin Anderson
+ Richard Basch
+ Mitch Berger
+ Jay Berkenbilt
+ Andrew Boardman
+ Bill Bryant
+ Steve Buckley
+ Joe Calzaretta
+ John Carr
+ Mark Colan
+ Don Davis
+ Alexandra Ellwood
+ Carlos Garay
+ Dan Geer
+ Nancy Gilman
+ Matt Hancher
+ Thomas Hardjono
+ Sam Hartman
+ Paul Hill
+ Marc Horowitz
+ Eva Jacobus
+ Miroslav Jurisic
+ Barry Jaspan
+ Geoffrey King
+ Kevin Koch
+ John Kohl
+ HaoQi Li
+ Jonathan Lin
+ Peter Litwack
+ Scott McGuire
+ Steve Miller
+ Kevin Mitchell
+ Cliff Neuman
+ Paul Park
+ Ezra Peisach
+ Chris Provenzano
+ Ken Raeburn
+ Jon Rochlis
+ Jeff Schiller
+ Jen Selby
+ Robert Silk
+ Bill Sommerfeld
+ Jennifer Steiner
+ Ralph Swick
+ Brad Thompson
+ Harry Tsai
+ Zhanna Tsitkova
+ Ted Ts'o
+ Marshall Vale
+ Tom Yu
+
+The following external contributors have provided code, patches, bug
+reports, suggestions, and valuable resources:
+
+ Brandon Allbery
+ Russell Allbery
+ Brian Almeida
+ Michael B Allen
+ Heinz-Ado Arnolds
+ Derek Atkins
+ Mark Bannister
+ David Bantz
+ Alex Baule
+ Arlene Berry
+ Jeff Blaine
+ Radoslav Bodo
+ Emmanuel Bouillon
+ Michael Calmer
+ Julien Chaffraix
+ Ravi Channavajhala
+ Srinivas Cheruku
+ Leonardo Chiquitto
+ Howard Chu
+ Andrea Cirulli
+ Christopher D. Clausen
+ Kevin Coffman
+ Simon Cooper
+ Sylvain Cortes
+ Nalin Dahyabhai
+ Dennis Davis
+ Mark Deneen
+ Roland Dowdeswell
+ Jason Edgecombe
+ Mark Eichin
+ Shawn M. Emery
+ Douglas E. Engert
+ Peter Eriksson
+ Juha Erkkilä
+ Ronni Feldt
+ Bill Fellows
+ JC Ferguson
+ William Fiveash
+ Ákos Frohner
+ Marcus Granado
+ Scott Grizzard
+ Helmut Grohne
+ Steve Grubb
+ Philip Guenther
+ Dominic Hargreaves
+ Jakob Haufe
+ Paul B. Henson
+ Jeff Hodges
+ Christopher Hogan
+ Love Hörnquist Åstrand
+ Ken Hornstein
+ Henry B. Hotz
+ Luke Howard
+ Jakub Hrozek
+ Shumon Huque
+ Jeffrey Hutzelman
+ Wyllys Ingersoll
+ Holger Isenberg
+ Pavel Jindra
+ Joel Johnson
+ Mikkel Kruse
+ Volker Lendecke
+ Jan iankko Lieskovsky
+ Kevin Longfellow
+ Ryan Lynch
+ Nathaniel McCallum
+ Greg McClement
+ Cameron Meadors
+ Alexey Melnikov
+ Franklyn Mendez
+ Markus Moeller
+ Kyle Moffett
+ Paul Moore
+ Keiichi Mori
+ Zbysek Mraz
+ Edward Murrell
+ Nikos Nikoleris
+ Felipe Ortega
+ Andrej Ota
+ Dmitri Pal
+ Javier Palacios
+ Tom Parker
+ Ezra Peisach
+ W. Michael Petullo
+ Mark Phalan
+ Jonathan Reams
+ Robert Relyea
+ Martin Rex
+ Jason Rogers
+ Mike Roszkowski
+ Guillaume Rousse
+ Tom Shaw
+ Peter Shoults
+ Simo Sorce
+ Michael Spang
+ Michael Ströder
+ Bjørn Tore Sund
+ Rathor Vipin
+ Jorgen Wahlsten
+ Max (Weijun) Wang
+ John Washington
+ Kevin Wasserman
+ Margaret Wasserman
+ Marcus Watts
+ Simon Wilkinson
+ Nicolas Williams
+ Ross Wilper
+ Xu Qiang
+ Hanz van Zijst
+
+The above is not an exhaustive list; many others have contributed in
+various ways to the MIT Kerberos development effort over the years.
+Other acknowledgments (for bug reports and patches) are in the
+doc/CHANGES file.