- Kerberos Version 5, Release 1.6
+ Kerberos Version 5, Release 1.8
- Release Notes
- The MIT Kerberos Team
+ Release Notes
+ The MIT Kerberos Team
-Unpacking the Source Distribution
----------------------------------
+Copyright and Other Notices
+---------------------------
-The source distribution of Kerberos 5 comes in a gzipped tarfile,
-krb5-1.6.tar.gz. Instructions on how to extract the entire
-distribution follow.
+Copyright (C) 1985-2011 by the Massachusetts Institute of Technology
+and its contributors. All rights reserved.
-If you have the GNU tar program and gzip installed, you can simply do:
+Please see the file named NOTICE for additional notices.
- gtar zxpf krb5-1.6.tar.gz
+MIT Kerberos is a project of the MIT Kerberos Consortium. For more
+information about the Kerberos Consortium, see http://kerberos.org/
-If you don't have GNU tar, you will need to get the FSF gzip
-distribution and use gzcat:
+For more information about the MIT Kerberos software, see
+ http://web.mit.edu/kerberos/
- gzcat krb5-1.6.tar.gz | tar xpf -
-
-Both of these methods will extract the sources into krb5-1.6/src and
-the documentation into krb5-1.6/doc.
+People interested in participating in the MIT Kerberos development
+effort should visit http://k5wiki.kerberos.org/
Building and Installing Kerberos 5
----------------------------------
compile and install Kerberos V5 on any platform, you may send mail to
krb5-bugs@mit.edu.
+Please keep in mind that unencrypted e-mail is not secure. If you need
+to report a security vulnerability, or send sensitive information,
+please PGP-encrypt it to krbcore-security@mit.edu.
+
You may view bug reports by visiting
-http://krbdev.mit.edu/rt/
+ http://krbdev.mit.edu/rt/
and logging in as "guest" with password "guest".
-Major changes in 1.6
+DES transition
+--------------
+
+The krb5-1.8 release disables single-DES cryptosystems by default. As
+a result, you may need to add the libdefaults setting
+"allow_weak_crypto = true" to communicate with existing Kerberos
+infrastructures if they do not support stronger ciphers.
+
+The Data Encryption Standard (DES) is widely recognized as weak. The
+krb5-1.7 release contains measures to encourage sites to migrate away
+from using single-DES cryptosystems. Among these is a configuration
+variable that enables "weak" enctypes, which now defaults to "false"
+beginning with krb5-1.8. The krb5-1.8 release includes additional
+measures to ease the transition away from single-DES. These
+additional measures include:
+
+* enctype config enhancements (so you can do "DEFAULT +des", etc.)
+* new API to allow applications (e.g. AFS) to explicitly reenable weak
+ crypto
+* easier kadmin history key changes
+
+Major changes in 1.8.4
----------------------
-krb5-1.6 changes by ticket ID
------------------------------
+This is primarily a bugfix release.
+
+* Fix vulnerabilities:
+ ** KDC uninitialized pointer crash [MITKRB5-SA-2010-006 CVE-2010-1322]
+ ** kpropd denial of service [MITKRB5-SA-2011-001 CVE-2010-4022]
+ ** KDC denial of service attacks [MITKRB5-SA-2011-002
+ CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]
+ ** KDC double-free when PKINIT enabled [MITKRB5-SA-2011-003
+ CVE-2011-0284]
+ ** kadmind frees invalid pointer [MITKRB5-SA-2011-004 CVE-2011-0285]
+
+* Interoperability:
+
+ ** Correctly encrypt GSSAPI forwarded credentials using the session
+ key, not a subkey.
+
+ ** Set NT-SRV-INST on TGS principal names as expected by some
+ Windows Server Domain Controllers.
+
+ ** Don't reject AP-REQ messages if their PAC doesn't validate;
+ suppress the PAC instead.
+
+ ** Correctly validate HMAC-MD5 checksums that use DES keys
+
+krb5-1.8.4 changes by ticket ID
+-------------------------------
+
+6701 syntax error in src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif
+6764 has_mandatory_for_kdc_authdata checks only first authdata element
+6768 GSSAPI forwarded credentials must be encrypted in session key
+6790 skip invalid enctypes instead of erroring out in
+ krb5_dbe_def_search_enctype
+6797 CVE-2010-1322 KDC uninitialized pointer crash in authorization
+ data handling (MITKRB5-SA-2010-006)
+6798 set NT-SRV-INST on TGS principal names
+6833 SA-2010-007 Checksum vulnerabilities (CVE-2010-1324 and others)
+6843 handle MS PACs that lack server checksum
+6853 Make gss_krb5_set_allowable_enctypes work for the acceptor (1.8 pullup)
+6861 kpropd denial of service [MITKRB5-SA-2011-001 CVE-2010-4022]
+6862 KDC denial of service attacks [MITKRB5-SA-2011-002
+ CVE-2011-0281 CVE-2011-0282]
+6876 hmac-md5 checksum doesn't work with DES keys
+6877 Don't reject AP-REQs based on PACs
+6882 KDC double-free when PKINIT enabled [MITKRB5-SA-2011-003 CVE-2011-0284]
+6900 kadmind frees invalid pointer [MITKRB5-SA-2011-004 CVE-2011-0285]
+
+Major changes in 1.8.3
+----------------------
+
+* Behavior Change:
+
+ GSS-API context expiration -- the gss_wrap and gss_unwrap
+ functions no longer check for ticket expiration. Applications
+ wishing to enforce ticket lifetimes should check using the
+ gss_inquire_context function. The previous behavior of checking
+ for ticket expiration produced results that were not expected by
+ application developers, and could lead to poor user experience.
+
+* Fix an interoperability issue when the Microsoft HMAC-MD5 checksum
+ type was used with non-RC4 keys.
+
+* Fix an interoperability issue with ephemeral Diffie-Hellman key
+ exchange in PKINIT that would happen for less than 1% of
+ transactions.
+
+krb5-1.8.3 changes by ticket ID
+-------------------------------
+
+6345 no kdb5_util stash equivalent with LDAP database
+6738 PKINIT DH exchange occasionally produces mismatch
+6739 Behavior change: gssapi context expiration
+6740 kadmin ktadd may display wrong name of default keytab
+6744 only test t_locate_kdc if known-good DNS name is present
+6745 Add correct error table when initializing gss-krb5
+6750 krb5kdc doesn't parse the -P command-line option correctly
+6751 Allow Microsoft HMAC-MD5 checksum types to use non-RC4 keys
+
+Major changes in 1.8.2
+----------------------
+
+This is primarily a bugfix release.
+
+* Fix vulnerabilities:
+ ** CVE-2010-1320 KDC double free caused by ticket renewal
+ (MITKRB5-SA-2010-004)
+ ** CVE-2010-1321 GSS-API lib null pointer deref (MITKRB5-SA-2010-005)
+
+* Allow numeric IPv6 addresses for configuring KDC locations.
+
+krb5-1.8.2 changes by ticket ID
+-------------------------------
+
+6562 kinit not working if kdc is configured with numerical IPv6 address
+6696 gss_accept_sec_context doesn't produce error tokens
+6697 segfault caused by dlerror returning NULL
+6698 kproplog displays incorrect iprop timestamps on 64-bit platforms
+6702 CVE-2010-1320 KDC double free caused by ticket renewal
+ (MITKRB5-SA-2010-004)
+6711 memory leak in process_tgs_req in r23724
+6718 Make KADM5_FAIL_AUTH_COUNT_INCREMENT more robust with LDAP
+6722 Error handling bug in krb5_init_creds_init()
+6725 CVE-2010-1321 GSS-API lib null pointer deref (MITKRB5-SA-2010-005)
+6726 SPNEGO doesn't interoperate with Windows 2000
+6730 kdc_tcp_ports not documented in kdc.conf.M
+6734 FAST negotiation could erroneously succeed
+
+Major changes in 1.8.1
+----------------------
+
+This is primarily a bugfix release.
+
+* MITKRB5-SA-2010-002 CVE-2010-0628 denial of service in SPNEGO
+
+* Support IPv6 in kpasswd client.
+
+* Fix an authorization data type number assignment that conflicted
+ with an undocumented Microsoft usage.
+
+krb5-1.8.1 changes by ticket ID
+-------------------------------
+
+6661 [RFE] properly support IPv6 in kpasswd
+6668 Two problems in kadm5_get_principal mask handling
+6674 memory leak in SPNEGO
+6676 Ignore improperly encoded signedpath AD elements
+6678 use of freed memory in gss_import_sec_context error path
+6680 the "ticket_lifetime" setting isn't documented
+6681 krb5_get_init_creds_password() can crash with NULL options and
+ expired keys
+6683 kpasswd doesn't guess the client principal name correctly
+ without a ccache
+6685 handle NT_SRV_INST in service principal referrals
+6687 Change KRB5_AUTHDATA_SIGNTICKET from 142 to 512
+6689 krb5_typed_data not castable to krb5_pa_data on 64-bit MacOSX
+6690 MITKRB5-SA-2010-002 CVE-2010-0628 denial of service in SPNEGO
+6693 Fix backwards flag output in krb5_init_creds_step()
+
+Major changes in 1.8
+--------------------
-Listed below are the RT tickets of bugs fixed in krb5-1.6. Please see
+The krb5-1.8 release contains a large number of changes, featuring
+improvements in the following broad areas:
-http://krbdev.mit.edu/rt/NoAuth/krb5-1.6/fixed-1.6.html
-
-for a current listing with links to the complete tickets.
+* Code quality
+* Developer experience
+* Performance
+* End-user experience
+* Administrator experience
+* Protocol evolution
-Copyright and Other Legal Notices
----------------------------------
-
-Copyright (C) 1985-2006 by the Massachusetts Institute of Technology.
-
-All rights reserved.
-
-Export of this software from the United States of America may require
-a specific license from the United States Government. It is the
-responsibility of any person or organization contemplating export to
-obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. Furthermore if you modify this software you must label
-your software as modified software and not distribute it in such a
-fashion that it might be confused with the original MIT software.
-M.I.T. makes no representations about the suitability of this software
-for any purpose. It is provided "as is" without express or implied
-warranty.
-
-THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
-IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
-WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-
-Individual source code files are copyright MIT, Cygnus Support,
-Novell, OpenVision Technologies, Oracle, Red Hat, Sun Microsystems,
-FundsXpress, and others.
-
-Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
-and Zephyr are trademarks of the Massachusetts Institute of Technology
-(MIT). No commercial use of these trademarks may be made without
-prior written permission of MIT.
-
-"Commercial use" means use of a name in a product or other for-profit
-manner. It does NOT prevent a commercial firm from referring to the
-MIT trademarks in order to convey information (although in doing so,
-recognition of their trademark status should be given).
-
- --------------------
-
-Portions of src/lib/crypto have the following copyright:
-
- Copyright (C) 1998 by the FundsXpress, INC.
-
- All rights reserved.
-
- Export of this software from the United States of America may require
- a specific license from the United States Government. It is the
- responsibility of any person or organization contemplating export to
- obtain such a license before exporting.
-
- WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- distribute this software and its documentation for any purpose and
- without fee is hereby granted, provided that the above copyright
- notice appear in all copies and that both that copyright notice and
- this permission notice appear in supporting documentation, and that
- the name of FundsXpress. not be used in advertising or publicity pertaining
- to distribution of the software without specific, written prior
- permission. FundsXpress makes no representations about the suitability of
- this software for any purpose. It is provided "as is" without express
- or implied warranty.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+Code quality:
+* Move toward test-driven development -- new features have test code,
+ or at least written testing procedures.
- --------------------
-
-The following copyright and permission notice applies to the
-OpenVision Kerberos Administration system located in kadmin/create,
-kadmin/dbutil, kadmin/passwd, kadmin/server, lib/kadm5, and portions
-of lib/rpc:
+* Remove applications to a separate distribution to simplify
+ independent maintenance.
- Copyright, OpenVision Technologies, Inc., 1996, All Rights Reserved
+* Increase conformance to coding style
- WARNING: Retrieving the OpenVision Kerberos Administration system
- source code, as described below, indicates your acceptance of the
- following terms. If you do not agree to the following terms, do not
- retrieve the OpenVision Kerberos administration system.
+ + "The great reindent"
+
+ + Selective refactoring
+
+Developer experience:
+
+* Crypto modularity -- vendors can more easily substitute their own
+ crypto implementations, which might be hardware-accelerated or
+ validated to FIPS 140, for the builtin crypto implementation that
+ has historically shipped as part of MIT Kerberos. Currently, only
+ an OpenSSL provider is included, but others are planned for the
+ future.
+
+* Move toward improved KDB interface
+
+* Improved API for verifying and interrogating authorization data
+
+Performance:
+
+* Investigate and remedy repeatedly-reported performance bottlenecks.
+
+* Encryption performance -- new crypto API with opaque key structures,
+ to allow for optimizations such as caching of derived keys
+
+End-user experience:
+
+* Reduce DNS dependence by implementing an interface that allows
+ client library to track whether a KDC supports service principal
+ referrals.
+
+Administrator experience:
+
+* Disable DES by default -- this reduces security exposure from using
+ an increasingly insecure cipher.
+
+* More versatile crypto configuration, to simplify migration away from
+ DES -- new configuration syntax to allow inclusion and exclusion of
+ specific algorithms relative to a default set.
+
+* Account lockout for repeated login failures -- mitigates online
+ password guessing attacks, and helps with some enterprise regulatory
+ compliance.
+
+* Bridge layer to allow Heimdal HDB modules to act as KDB backend
+ modules. This provides a migration path from a Heimdal to an MIT
+ KDC.
+
+Protocol evolution:
+
+* FAST enhancements -- preauthentication framework enhancements to
+ allow a client to securely negotiate the use of FAST with a KDC of
+ unknown capabilities.
+
+* Microsoft Services for User (S4U) compatibility: S4U2Self, also
+ known as "protocol transition", allows for service to ask a KDC for
+ a ticket to themselves on behalf of a client authenticated via a
+ different means; S4U2Proxy allows a service to ask a KDC for a
+ ticket to another service on behalf of a client.
+
+* Anonymous PKINIT -- allows the use of public-key cryptography to
+ anonymously authenticate to a realm
+
+* Support doing constrained delegation similar to Microsoft's
+ S4U2Proxy without the use of the Windows PAC. This functionality
+ uses a protocol compatible with Heimdal.
+
+krb5-1.8 changes by ticket ID
+-----------------------------
- You may freely use and distribute the Source Code and Object Code
- compiled from it, with or without modification, but this Source
- Code is provided to you "AS IS" EXCLUSIVE OF ANY WARRANTY,
- INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY OR
- FITNESS FOR A PARTICULAR PURPOSE, OR ANY OTHER WARRANTY, WHETHER
- EXPRESS OR IMPLIED. IN NO EVENT WILL OPENVISION HAVE ANY LIABILITY
- FOR ANY LOST PROFITS, LOSS OF DATA OR COSTS OF PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR
- CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, INCLUDING,
- WITHOUT LIMITATION, THOSE RESULTING FROM THE USE OF THE SOURCE
- CODE, OR THE FAILURE OF THE SOURCE CODE TO PERFORM, OR FOR ANY
- OTHER REASON.
-
- OpenVision retains all copyrights in the donated Source Code. OpenVision
- also retains copyright to derivative works of the Source Code, whether
- created by OpenVision or by a third party. The OpenVision copyright
- notice must be preserved if derivative works are made based on the
- donated Source Code.
-
- OpenVision Technologies, Inc. has donated this Kerberos
- Administration system to MIT for inclusion in the standard
- Kerberos 5 distribution. This donation underscores our
- commitment to continuing Kerberos technology development
- and our gratitude for the valuable work which has been
- performed by MIT and the Kerberos community.
-
- --------------------
-
- Portions contributed by Matt Crawford <crawdad@fnal.gov> were
- work performed at Fermi National Accelerator Laboratory, which is
- operated by Universities Research Association, Inc., under
- contract DE-AC02-76CHO3000 with the U.S. Department of Energy.
-
- --------------------
-
-The implementation of the Yarrow pseudo-random number generator in
-src/lib/crypto/yarrow has the following copyright:
-
- Copyright 2000 by Zero-Knowledge Systems, Inc.
-
- Permission to use, copy, modify, distribute, and sell this software
- and its documentation for any purpose is hereby granted without fee,
- provided that the above copyright notice appear in all copies and that
- both that copyright notice and this permission notice appear in
- supporting documentation, and that the name of Zero-Knowledge Systems,
- Inc. not be used in advertising or publicity pertaining to
- distribution of the software without specific, written prior
- permission. Zero-Knowledge Systems, Inc. makes no representations
- about the suitability of this software for any purpose. It is
- provided "as is" without express or implied warranty.
-
- ZERO-KNOWLEDGE SYSTEMS, INC. DISCLAIMS ALL WARRANTIES WITH REGARD TO
- THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
- FITNESS, IN NO EVENT SHALL ZERO-KNOWLEDGE SYSTEMS, INC. BE LIABLE FOR
- ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTUOUS ACTION, ARISING OUT
- OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
- --------------------
-
-The implementation of the AES encryption algorithm in
-src/lib/crypto/aes has the following copyright:
-
- Copyright (c) 2001, Dr Brian Gladman <brg@gladman.uk.net>, Worcester, UK.
- All rights reserved.
-
- LICENSE TERMS
-
- The free distribution and use of this software in both source and binary
- form is allowed (with or without changes) provided that:
-
- 1. distributions of this source code include the above copyright
- notice, this list of conditions and the following disclaimer;
-
- 2. distributions in binary form include the above copyright
- notice, this list of conditions and the following disclaimer
- in the documentation and/or other associated materials;
-
- 3. the copyright holder's name is not used to endorse products
- built using this software without specific written permission.
-
- DISCLAIMER
-
- This software is provided 'as is' with no explcit or implied warranties
- in respect of any properties, including, but not limited to, correctness
- and fitness for purpose.
-
- --------------------
-
-Portions contributed by Red Hat, including the preauthentication
-plugins, contain the following copyright:
-
- Copyright (c) 2006 Red Hat, Inc.
- Portions copyright (c) 2006 Massachusetts Institute of Technology
- All Rights Reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions
- are met:
-
- * Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
-
- * Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials provided
- with the distribution.
-
- * Neither the name of Red Hat, Inc., nor the names of its
- contributors may be used to endorse or promote products derived
- from this software without specific prior written permission.
-
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
- IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
- TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
- PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
- OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
- --------------------
-
-The implementations of GSSAPI mechglue in GSSAPI-SPNEGO in
-src/lib/gssapi, including the following files:
-
-lib/gssapi/generic/gssapi_err_generic.et
-lib/gssapi/mechglue/g_accept_sec_context.c
-lib/gssapi/mechglue/g_acquire_cred.c
-lib/gssapi/mechglue/g_canon_name.c
-lib/gssapi/mechglue/g_compare_name.c
-lib/gssapi/mechglue/g_context_time.c
-lib/gssapi/mechglue/g_delete_sec_context.c
-lib/gssapi/mechglue/g_dsp_name.c
-lib/gssapi/mechglue/g_dsp_status.c
-lib/gssapi/mechglue/g_dup_name.c
-lib/gssapi/mechglue/g_exp_sec_context.c
-lib/gssapi/mechglue/g_export_name.c
-lib/gssapi/mechglue/g_glue.c
-lib/gssapi/mechglue/g_imp_name.c
-lib/gssapi/mechglue/g_imp_sec_context.c
-lib/gssapi/mechglue/g_init_sec_context.c
-lib/gssapi/mechglue/g_initialize.c
-lib/gssapi/mechglue/g_inquire_context.c
-lib/gssapi/mechglue/g_inquire_cred.c
-lib/gssapi/mechglue/g_inquire_names.c
-lib/gssapi/mechglue/g_process_context.c
-lib/gssapi/mechglue/g_rel_buffer.c
-lib/gssapi/mechglue/g_rel_cred.c
-lib/gssapi/mechglue/g_rel_name.c
-lib/gssapi/mechglue/g_rel_oid_set.c
-lib/gssapi/mechglue/g_seal.c
-lib/gssapi/mechglue/g_sign.c
-lib/gssapi/mechglue/g_store_cred.c
-lib/gssapi/mechglue/g_unseal.c
-lib/gssapi/mechglue/g_userok.c
-lib/gssapi/mechglue/g_utils.c
-lib/gssapi/mechglue/g_verify.c
-lib/gssapi/mechglue/gssd_pname_to_uid.c
-lib/gssapi/mechglue/mglueP.h
-lib/gssapi/mechglue/oid_ops.c
-lib/gssapi/spnego/gssapiP_spnego.h
-lib/gssapi/spnego/spnego_mech.c
-
-are subject to the following license:
-
- Copyright (c) 2004 Sun Microsystems, Inc.
-
- Permission is hereby granted, free of charge, to any person obtaining a
- copy of this software and associated documentation files (the
- "Software"), to deal in the Software without restriction, including
- without limitation the rights to use, copy, modify, merge, publish,
- distribute, sublicense, and/or sell copies of the Software, and to
- permit persons to whom the Software is furnished to do so, subject to
- the following conditions:
-
- The above copyright notice and this permission notice shall be included
- in all copies or substantial portions of the Software.
-
- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
- IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
- CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
- TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
- SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-includes documentation and software developed at the
-University of California at Berkeley, which includes this copyright
-notice:
-
- Copyright (C) 1983 Regents of the University of California.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions
- are met:
-
- 1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials provided
- with the distribution.
-
- 3. Neither the name of the University nor the names of its
- contributors may be used to endorse or promote products derived
- from this software without specific prior written permission.
-
- THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- SUCH DAMAGE.
+5468 delete kadmin v1 support
+6206 new API for storing extra per-principal data in ccache
+6434 krb5_cc_resolve() will crash if a null name param is provided
+6454 Make krb5_mkt_resolve error handling work
+6510 Restore limited support for static linking
+6539 Enctype list configuration enhancements
+6546 KDB should use enctype of stashed master key
+6547 Modify kadm5 initializers to accept krb5 contexts
+6563 Implement s4u extensions
+6564 s4u extensions integration broke test suite...
+6565 HP-UX IA64 wrong endian
+6572 Implement GSS naming extensions and authdata verification
+6576 Implement new APIs to allow improved crypto performance
+6577 Account lockout for repeated login failures
+6578 Heimdal DB bridge plugin for KDC back end
+6580 Constrained delegation without PAC support
+6582 Memory leak in _kadm5_init_any introduced with ipropd
+6583 Unbundle applications into separate repository
+6586 libkrb5 support for non-blocking AS requests
+6590 allow testing even if name->addr->name mapping doesn't work
+6591 fix slow behavior on Mac OS X with link-local addresses
+6592 handle negative enctypes better
+6593 Remove dependency on /bin/csh in test suite
+6595 FAST (preauth framework) negotiation
+6597 Add GSS extensions to store credentials, generate random bits
+6598 gss_init_sec_context potential segfault
+6599 memory leak in krb5_rd_req_decrypt_tkt_part
+6600 gss_inquire_context cannot handle no target name from mechanism
+6601 gsssspi_set_cred_option cannot handle mech specific option
+6603 issues with SPNEGO
+6605 PKINIT client should validate SAN for TGS, not service principal
+6606 allow testing when offline
+6607 anonymous PKINIT
+6616 Fix spelling and hyphen errors in man pages
+6618 Support optional creation of PID files for krb5kdc and kadmind
+6620 kdc_supported_enctypes does nothing; eradicate mentions thereof
+6621 disable weak crypto by default
+6622 kinit_fast fails if weak enctype is among client principal keys
+6623 Always treat anonymous as preauth required
+6624 automated tests for anonymous pkinit
+6625 yarrow code does not initialize keyblock enctype and uses
+ unitialized value
+6626 Restore interoperability with 1.6 addprinc -randkey
+6627 Set enctype in crypto_tests to prevent memory leaks
+6628 krb5int_dk_string_to_key fails to set enctype
+6629 krb5int_derive_key results in cache with uninitialized values
+6630 krb5int_pbkdf2_hmac_sha1 fails to set enctype on keyblock
+6632 Simplify and fix FAST check for keyed checksum type
+6634 Use keyed checksum type for DES FAST
+6640 Make history key exempt from permitted_enctypes
+6642 Add test program for decryption of overly short buffers
+6643 Problem with krb5 libcom_err vs. system libcom_err
+6644 Change basename of libkadm5 libraries to avoid Heimdal conflict
+6645 Add krb5_allow_weak_crypto API
+6648 define MIN() in lib/gssapi/krb5/prf.c
+6649 Get rid of kdb_ext.h and allow out-of-tree KDB plugins
+6651 Handle migration from pre-1.7 databases with master key
+ kvno != 1 (1.8 pullup)
+6652 Make decryption of master key list more robust
+6653 set_default_enctype_var should filter not reject weak enctypes
+6654 Fix greet_server build
+6655 Fix cross-realm handling of AD-SIGNEDPATH
+6656 krb5int_fast_free_state segfaults if state is null
+6657 enc_padata can include empty sequence
+6658 Implement gss_set_neg_mechs
+6659 Additional memory leaks in kdc
+6660 Minimal support for updating history key
+6662 MITKRB5-SA-2010-001 CVE-2010-0283 KDC denial of service
+6663 update mkrel to deal with changed source layout
+6665 Fix cipher state chaining in OpenSSL back end
+6669 doc updates for allow_weak_crypto
Acknowledgements
----------------
-Thanks to Sun Microsystems for donating their implementations of
-mechglue and SPNEGO.
-
-Thanks to the members of the Kerberos V5 development team at MIT, both
-past and present: Danilo Almeida, Jeffrey Altman, Richard Basch, Jay
-Berkenbilt, Mitch Berger, Andrew Boardman, Joe Calzaretta, John Carr,
-Don Davis, Alexandra Ellwood, Nancy Gilman, Matt Hancher, Sam Hartman,
-Paul Hill, Marc Horowitz, Eva Jacobus, Miroslav Jurisic, Barry Jaspan,
-Geoffrey King, John Kohl, Peter Litwack, Scott McGuire, Kevin
-Mitchell, Cliff Neuman, Paul Park, Ezra Peisach, Chris Provenzano, Ken
-Raeburn, Jon Rochlis, Jeff Schiller, Jen Selby, Brad Thompson, Harry
-Tsai, Ted Ts'o, Marshall Vale, Tom Yu.
+Past and present Sponsors of the MIT Kerberos Consortium:
+
+ Apple
+ Carnegie Mellon University
+ Centrify Corporation
+ Columbia University
+ Cornell University
+ The Department of Defense of the United States of America (DoD)
+ Google
+ Iowa State University
+ MIT
+ Michigan State University
+ Microsoft
+ The National Aeronautics and Space Administration
+ of the United States of America (NASA)
+ Network Appliance (NetApp)
+ Nippon Telephone and Telegraph (NTT)
+ Oracle
+ Pennsylvania State University
+ Red Hat
+ Stanford University
+ TeamF1, Inc.
+ The University of Alaska
+ The University of Michigan
+ The University of Pennsylvania
+
+Past and present members of the Kerberos Team at MIT:
+
+ Danilo Almeida
+ Jeffrey Altman
+ Justin Anderson
+ Richard Basch
+ Mitch Berger
+ Jay Berkenbilt
+ Andrew Boardman
+ Bill Bryant
+ Steve Buckley
+ Joe Calzaretta
+ John Carr
+ Mark Colan
+ Don Davis
+ Alexandra Ellwood
+ Dan Geer
+ Nancy Gilman
+ Matt Hancher
+ Thomas Hardjono
+ Sam Hartman
+ Paul Hill
+ Marc Horowitz
+ Eva Jacobus
+ Miroslav Jurisic
+ Barry Jaspan
+ Geoffrey King
+ Kevin Koch
+ John Kohl
+ HaoQi Li
+ Peter Litwack
+ Scott McGuire
+ Steve Miller
+ Kevin Mitchell
+ Cliff Neuman
+ Paul Park
+ Ezra Peisach
+ Chris Provenzano
+ Ken Raeburn
+ Jon Rochlis
+ Jeff Schiller
+ Jen Selby
+ Robert Silk
+ Bill Sommerfeld
+ Jennifer Steiner
+ Ralph Swick
+ Brad Thompson
+ Harry Tsai
+ Zhanna Tsitkova
+ Ted Ts'o
+ Marshall Vale
+ Tom Yu
+
+The following external contributors have provided code, patches, bug
+reports, suggestions, and valuable resources:
+
+ Brandon Allbery
+ Russell Allbery
+ Brian Almeida
+ Michael B Allen
+ Derek Atkins
+ David Bantz
+ Alex Baule
+ Arlene Berry
+ Jeff Blaine
+ Radoslav Bodo
+ Emmanuel Bouillon
+ Michael Calmer
+ Julien Chaffraix
+ Ravi Channavajhala
+ Srinivas Cheruku
+ Leonardo Chiquitto
+ Howard Chu
+ Andrea Cirulli
+ Christopher D. Clausen
+ Kevin Coffman
+ Simon Cooper
+ Sylvain Cortes
+ Nalin Dahyabhai
+ Dennis Davis
+ Roland Dowdeswell
+ Jason Edgecombe
+ Mark Eichin
+ Shawn M. Emery
+ Douglas E. Engert
+ Peter Eriksson
+ Ronni Feldt
+ Bill Fellows
+ JC Ferguson
+ William Fiveash
+ Ákos Frohner
+ Marcus Granado
+ Scott Grizzard
+ Helmut Grohne
+ Steve Grubb
+ Philip Guenther
+ Dominic Hargreaves
+ Jakob Haufe
+ Jeff Hodges
+ Love Hörnquist Åstrand
+ Ken Hornstein
+ Henry B. Hotz
+ Luke Howard
+ Jakub Hrozek
+ Shumon Huque
+ Jeffrey Hutzelman
+ Wyllys Ingersoll
+ Holger Isenberg
+ Pavel Jindra
+ Joel Johnson
+ Mikkel Kruse
+ Volker Lendecke
+ Jan iankko Lieskovsky
+ Kevin Longfellow
+ Ryan Lynch
+ Cameron Meadors
+ Franklyn Mendez
+ Markus Moeller
+ Paul Moore
+ Keiichi Mori
+ Zbysek Mraz
+ Edward Murrell
+ Nikos Nikoleris
+ Felipe Ortega
+ Dmitri Pal
+ Javier Palacios
+ Ezra Peisach
+ W. Michael Petullo
+ Mark Phalan
+ Robert Relyea
+ Martin Rex
+ Jason Rogers
+ Mike Roszkowski
+ Guillaume Rousse
+ Tom Shaw
+ Peter Shoults
+ Simo Sorce
+ Michael Spang
+ Michael Ströder
+ Bjørn Tore Sund
+ Rathor Vipin
+ Jorgen Wahlsten
+ Max (Weijun) Wang
+ John Washington
+ Marcus Watts
+ Simon Wilkinson
+ Nicolas Williams
+ Ross Wilper
+ Xu Qiang
+ Hanz van Zijst
+
+The above is not an exhaustive list; many others have contributed in
+various ways to the MIT Kerberos development effort over the years.
+Other acknowledgments (for bug reports and patches) are in the
+doc/CHANGES file.