Copyright and Other Notices
---------------------------
-Copyright (C) 1985-2010 by the Massachusetts Institute of Technology
+Copyright (C) 1985-2011 by the Massachusetts Institute of Technology
and its contributors. All rights reserved.
Please see the file named NOTICE for additional notices.
http://web.mit.edu/kerberos/
People interested in participating in the MIT Kerberos development
-effort should see http://k5wiki.kerberos.org/
+effort should visit http://k5wiki.kerberos.org/
Building and Installing Kerberos 5
----------------------------------
DES transition
--------------
+The krb5-1.8 release disables single-DES cryptosystems by default. As
+a result, you may need to add the libdefaults setting
+"allow_weak_crypto = true" to communicate with existing Kerberos
+infrastructures if they do not support stronger ciphers.
+
The Data Encryption Standard (DES) is widely recognized as weak. The
krb5-1.7 release contains measures to encourage sites to migrate away
from using single-DES cryptosystems. Among these is a configuration
variable that enables "weak" enctypes, which now defaults to "false"
beginning with krb5-1.8. The krb5-1.8 release includes additional
-measures to ease the transition away from single-DES.
+measures to ease the transition away from single-DES. These
+additional measures include:
+
+* enctype config enhancements (so you can do "DEFAULT +des", etc.)
+* new API to allow applications (e.g. AFS) to explicitly reenable weak
+ crypto
+* easier kadmin history key changes
+
+Major changes in 1.8.4
+----------------------
+
+This is primarily a bugfix release.
+
+* Fix vulnerabilities:
+ ** KDC uninitialized pointer crash [MITKRB5-SA-2010-006 CVE-2010-1322]
+ ** kpropd denial of service [MITKRB5-SA-2011-001 CVE-2010-4022]
+ ** KDC denial of service attacks [MITKRB5-SA-2011-002
+ CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]
+ ** KDC double-free when PKINIT enabled [MITKRB5-SA-2011-003
+ CVE-2011-0284]
+ ** kadmind frees invalid pointer [MITKRB5-SA-2011-004 CVE-2011-0285]
+
+* Interoperability:
+
+ ** Correctly encrypt GSSAPI forwarded credentials using the session
+ key, not a subkey.
+
+ ** Set NT-SRV-INST on TGS principal names as expected by some
+ Windows Server Domain Controllers.
+
+ ** Don't reject AP-REQ messages if their PAC doesn't validate;
+ suppress the PAC instead.
+
+ ** Correctly validate HMAC-MD5 checksums that use DES keys
+
+krb5-1.8.4 changes by ticket ID
+-------------------------------
+
+6701 syntax error in src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif
+6764 has_mandatory_for_kdc_authdata checks only first authdata element
+6768 GSSAPI forwarded credentials must be encrypted in session key
+6790 skip invalid enctypes instead of erroring out in
+ krb5_dbe_def_search_enctype
+6797 CVE-2010-1322 KDC uninitialized pointer crash in authorization
+ data handling (MITKRB5-SA-2010-006)
+6798 set NT-SRV-INST on TGS principal names
+6833 SA-2010-007 Checksum vulnerabilities (CVE-2010-1324 and others)
+6843 handle MS PACs that lack server checksum
+6853 Make gss_krb5_set_allowable_enctypes work for the acceptor (1.8 pullup)
+6861 kpropd denial of service [MITKRB5-SA-2011-001 CVE-2010-4022]
+6862 KDC denial of service attacks [MITKRB5-SA-2011-002
+ CVE-2011-0281 CVE-2011-0282]
+6876 hmac-md5 checksum doesn't work with DES keys
+6877 Don't reject AP-REQs based on PACs
+6882 KDC double-free when PKINIT enabled [MITKRB5-SA-2011-003 CVE-2011-0284]
+6900 kadmind frees invalid pointer [MITKRB5-SA-2011-004 CVE-2011-0285]
+
+Major changes in 1.8.3
+----------------------
+
+* Behavior Change:
+
+ GSS-API context expiration -- the gss_wrap and gss_unwrap
+ functions no longer check for ticket expiration. Applications
+ wishing to enforce ticket lifetimes should check using the
+ gss_inquire_context function. The previous behavior of checking
+ for ticket expiration produced results that were not expected by
+ application developers, and could lead to poor user experience.
+
+* Fix an interoperability issue when the Microsoft HMAC-MD5 checksum
+ type was used with non-RC4 keys.
+
+* Fix an interoperability issue with ephemeral Diffie-Hellman key
+ exchange in PKINIT that would happen for less than 1% of
+ transactions.
+
+krb5-1.8.3 changes by ticket ID
+-------------------------------
+
+6345 no kdb5_util stash equivalent with LDAP database
+6738 PKINIT DH exchange occasionally produces mismatch
+6739 Behavior change: gssapi context expiration
+6740 kadmin ktadd may display wrong name of default keytab
+6744 only test t_locate_kdc if known-good DNS name is present
+6745 Add correct error table when initializing gss-krb5
+6750 krb5kdc doesn't parse the -P command-line option correctly
+6751 Allow Microsoft HMAC-MD5 checksum types to use non-RC4 keys
+
+Major changes in 1.8.2
+----------------------
+
+This is primarily a bugfix release.
+
+* Fix vulnerabilities:
+ ** CVE-2010-1320 KDC double free caused by ticket renewal
+ (MITKRB5-SA-2010-004)
+ ** CVE-2010-1321 GSS-API lib null pointer deref (MITKRB5-SA-2010-005)
+
+* Allow numeric IPv6 addresses for configuring KDC locations.
+
+krb5-1.8.2 changes by ticket ID
+-------------------------------
+
+6562 kinit not working if kdc is configured with numerical IPv6 address
+6696 gss_accept_sec_context doesn't produce error tokens
+6697 segfault caused by dlerror returning NULL
+6698 kproplog displays incorrect iprop timestamps on 64-bit platforms
+6702 CVE-2010-1320 KDC double free caused by ticket renewal
+ (MITKRB5-SA-2010-004)
+6711 memory leak in process_tgs_req in r23724
+6718 Make KADM5_FAIL_AUTH_COUNT_INCREMENT more robust with LDAP
+6722 Error handling bug in krb5_init_creds_init()
+6725 CVE-2010-1321 GSS-API lib null pointer deref (MITKRB5-SA-2010-005)
+6726 SPNEGO doesn't interoperate with Windows 2000
+6730 kdc_tcp_ports not documented in kdc.conf.M
+6734 FAST negotiation could erroneously succeed
+
+Major changes in 1.8.1
+----------------------
+
+This is primarily a bugfix release.
+
+* MITKRB5-SA-2010-002 CVE-2010-0628 denial of service in SPNEGO
+
+* Support IPv6 in kpasswd client.
+
+* Fix an authorization data type number assignment that conflicted
+ with an undocumented Microsoft usage.
+
+krb5-1.8.1 changes by ticket ID
+-------------------------------
+
+6661 [RFE] properly support IPv6 in kpasswd
+6668 Two problems in kadm5_get_principal mask handling
+6674 memory leak in SPNEGO
+6676 Ignore improperly encoded signedpath AD elements
+6678 use of freed memory in gss_import_sec_context error path
+6680 the "ticket_lifetime" setting isn't documented
+6681 krb5_get_init_creds_password() can crash with NULL options and
+ expired keys
+6683 kpasswd doesn't guess the client principal name correctly
+ without a ccache
+6685 handle NT_SRV_INST in service principal referrals
+6687 Change KRB5_AUTHDATA_SIGNTICKET from 142 to 512
+6689 krb5_typed_data not castable to krb5_pa_data on 64-bit MacOSX
+6690 MITKRB5-SA-2010-002 CVE-2010-0628 denial of service in SPNEGO
+6693 Fix backwards flag output in krb5_init_creds_step()
Major changes in 1.8
--------------------
6599 memory leak in krb5_rd_req_decrypt_tkt_part
6600 gss_inquire_context cannot handle no target name from mechanism
6601 gsssspi_set_cred_option cannot handle mech specific option
+6603 issues with SPNEGO
6605 PKINIT client should validate SAN for TGS, not service principal
6606 allow testing when offline
6607 anonymous PKINIT
6622 kinit_fast fails if weak enctype is among client principal keys
6623 Always treat anonymous as preauth required
6624 automated tests for anonymous pkinit
-6625 yarrow code does not initialize keyblock enctype and uses unitialized value
+6625 yarrow code does not initialize keyblock enctype and uses
+ unitialized value
6626 Restore interoperability with 1.6 addprinc -randkey
6627 Set enctype in crypto_tests to prevent memory leaks
6628 krb5int_dk_string_to_key fails to set enctype
6645 Add krb5_allow_weak_crypto API
6648 define MIN() in lib/gssapi/krb5/prf.c
6649 Get rid of kdb_ext.h and allow out-of-tree KDB plugins
-6651 Handle migration from pre-1.7 databases with master key kvno != 1 (1.8 pullup)
+6651 Handle migration from pre-1.7 databases with master key
+ kvno != 1 (1.8 pullup)
6652 Make decryption of master key list more robust
6653 set_default_enctype_var should filter not reject weak enctypes
6654 Fix greet_server build
6656 krb5int_fast_free_state segfaults if state is null
6657 enc_padata can include empty sequence
6658 Implement gss_set_neg_mechs
+6659 Additional memory leaks in kdc
6660 Minimal support for updating history key
6662 MITKRB5-SA-2010-001 CVE-2010-0283 KDC denial of service
6663 update mkrel to deal with changed source layout
+6665 Fix cipher state chaining in OpenSSL back end
+6669 doc updates for allow_weak_crypto
Acknowledgements
----------------
Microsoft
The National Aeronautics and Space Administration
of the United States of America (NASA)
+ Network Appliance (NetApp)
Nippon Telephone and Telegraph (NTT)
Oracle
Pennsylvania State University
TeamF1, Inc.
The University of Alaska
The University of Michigan
+ The University of Pennsylvania
Past and present members of the Kerberos Team at MIT:
Brandon Allbery
Russell Allbery
+ Brian Almeida
Michael B Allen
Derek Atkins
David Bantz
Radoslav Bodo
Emmanuel Bouillon
Michael Calmer
+ Julien Chaffraix
Ravi Channavajhala
Srinivas Cheruku
+ Leonardo Chiquitto
Howard Chu
Andrea Cirulli
Christopher D. Clausen
Simon Cooper
Sylvain Cortes
Nalin Dahyabhai
+ Dennis Davis
Roland Dowdeswell
Jason Edgecombe
Mark Eichin
Douglas E. Engert
Peter Eriksson
Ronni Feldt
+ Bill Fellows
JC Ferguson
William Fiveash
Ákos Frohner
Marcus Granado
Scott Grizzard
+ Helmut Grohne
Steve Grubb
Philip Guenther
+ Dominic Hargreaves
Jakob Haufe
Jeff Hodges
Love Hörnquist Åstrand
Ken Hornstein
Henry B. Hotz
Luke Howard
+ Jakub Hrozek
Shumon Huque
Jeffrey Hutzelman
Wyllys Ingersoll
Holger Isenberg
+ Pavel Jindra
+ Joel Johnson
Mikkel Kruse
Volker Lendecke
+ Jan iankko Lieskovsky
+ Kevin Longfellow
Ryan Lynch
+ Cameron Meadors
Franklyn Mendez
Markus Moeller
Paul Moore
+ Keiichi Mori
+ Zbysek Mraz
Edward Murrell
Nikos Nikoleris
+ Felipe Ortega
Dmitri Pal
Javier Palacios
Ezra Peisach
W. Michael Petullo
Mark Phalan
- Xu Qiang
Robert Relyea
Martin Rex
+ Jason Rogers
+ Mike Roszkowski
Guillaume Rousse
Tom Shaw
Peter Shoults
Simo Sorce
+ Michael Spang
Michael Ströder
Bjørn Tore Sund
Rathor Vipin
Simon Wilkinson
Nicolas Williams
Ross Wilper
+ Xu Qiang
Hanz van Zijst
The above is not an exhaustive list; many others have contributed in