- Kerberos Version 5, Release 1.6
+ Kerberos Version 5, Release 1.10
- Release Notes
- The MIT Kerberos Team
+ Release Notes
+ The MIT Kerberos Team
-Unpacking the Source Distribution
----------------------------------
+Copyright and Other Notices
+---------------------------
-The source distribution of Kerberos 5 comes in a gzipped tarfile,
-krb5-1.6.tar.gz. Instructions on how to extract the entire
-distribution follow.
+Copyright (C) 1985-2010 by the Massachusetts Institute of Technology
+and its contributors. All rights reserved.
-If you have the GNU tar program and gzip installed, you can simply do:
-
- gtar zxpf krb5-1.6.tar.gz
-
-If you don't have GNU tar, you will need to get the FSF gzip
-distribution and use gzcat:
-
- gzcat krb5-1.6.tar.gz | tar xpf -
-
-Both of these methods will extract the sources into krb5-1.6/src and
-the documentation into krb5-1.6/doc.
+Please see the file named NOTICE for additional notices.
Building and Installing Kerberos 5
----------------------------------
and logging in as "guest" with password "guest".
-Major changes in 1.6
-----------------------
-
-* Partial client implementation to handle server name referrals.
-
-* Pre-authentication plug-in framework, donated by Red Hat.
-
-* LDAP KDB plug-in, donated by Novell.
-
-krb5-1.6 changes by ticket ID
------------------------------
-
-Listed below are the RT tickets of bugs fixed in krb5-1.6. Please see
-
-http://krbdev.mit.edu/rt/NoAuth/krb5-1.6/fixed-1.6.html
-
-for a current listing with links to the complete tickets.
-
-1204 Unable to get a TGT cross-realm referral
-2087 undocumented options for kpropd
-2240 krb5-config --cflags gssapi when used by OpenSSH-snap-20040212
-2579 kdc: add_to_transited may reference off end of array...
-2652 Add support for referrals
-2876 Tree does not compile with GCC 4.0
-2935 KDB/LDAP backend
-3089 krb5_verify_init_creds() is not thread safe
-3091 add krb5_cc_new_unique()
-3276 local array of structures not declared static
-3288 NetIdMgr cannot obtain Kerberos 5 tickets containing addresses
-3322 get_cred_via_tkt() checks too strict on server principal
-3522 Error code definitions are outside macros to prevent multiple
- inclusion in public headers
-3735 Add TCP change/set password support
-3947 allow multiple calls to krb5_get_error_message to retrieve message
-3955 check calling conventions specified for Windows
-3961 fix stdcc.c to build without USE_CCAPI_V3
-4021 use GSS_C_NO_CHANNEL_BINDINGS not NULL in lib/rpc/auth_gss.c
-4023 Turn off KLL automatic prompting support in kadmin
-4024 gss_acquire_cred auto prompt support shouldn't break
- gss_krb5_ccache_name()
-4025 need to look harder for tclConfig.sh
-4055 remove unused Metrowerks support from yarrow
-4056 g_canon_name.c if-statement warning cleanup
-4057 GSSAPI opaque types should be pointers to opaque structs, not void*
-4256 Make process error
-4292 LDAP error prevents KfM 6.0 from building on Tiger
-4294 Bad loop logic in krb5_mcc_generate_new
-4304 audit referals merge (R18598)
-4389 cursor for iterating over ccaches
-4412 Don't segfault if a preauth plugin module fails to load
-4455 IRIX build fails w/ GCC 4.0 (really GNU ld)
-4482 enabling LDAP mix-in support for kdb5_util load
-4488 osf1 -oldstyle_liblookup typo
-4495 Avoid segfault in krb5_do_preauth_tryagain
-4496 fix invalid access found by valgrind
-4501 fix krb5_ldap_iterate to handle NULL match_expr and
- open_db_and_mkey to use KRB5_KDB_SRV_TYPE_ADMIN
-4534 don't confuse profile iterator in 425 princ conversion
-4561 UC Berkeley BSD license change
-4562 latest Novell ldap patches and kdb5_util dump support for ldap
-4587 Change preauth plugin context scope and lifetimes
-4624 remove t_prf and t_prf.o on make clean
-4625 Make clean in lib/kdb leaves error table files
-4657 krb5.h not C++-safe due to "struct krb5_cccol_cursor"
-4683 Remove obsolete/conflicting prototype for krb524_convert_princs
-4688 Add public function to get keylenth associated with an enctype
-4689 Update minor version numbers for 1.6
-4690 Add "get_data" function to the client preauth plugin interface
-4692 Document changing the krbtgt key
-4693 Delay kadmind random number initialization until after fork
-4735 more Novell ldap patches from Nov 6 and Fix for wrong password
- policy reference count
-4737 correct client preauth plugin request_context
-4738 allow server preauth plugin verify_padata function to return e-data
-4739 cccursor backend for CCAPI
-4755 update copyrights and acknowledgments
-4770 Add macros for __attribute__((deprecated)) for krb4 and des APIs
-4771 LDAP patch from Novell, 2006-10-13
-4772 fix some warnings in ldap code
-4774 avoid double frees in ccache manipulation around gen_new
-4775 include realm in "can't resolve KDC" error message
-4784 krb5_stdccv3_generate_new returns NULL ccache
-4788 ccache double free in krb5_fcc_read_addrs().
-4799 krb5_c_keylength -> krb5_c_keylengths; add krb5_c_random_to_key
-4805 replace existing calls of cc_gen_new()
-4841 free error message when freeing context
-4846 clean up preauth2 salt debug code
-4860 fix LDAP plugin Makefile.in lib frag substitutions
-4928 krb5int_copy_data_contents shouldn't free memory it didn't allocate
-4941 referrals changes to telnet have unconditional debugging printfs
-4942 skip all modules in plugin if init function fails
-4955 Referrals code breaks krb5_set_password_using_ccache to Active
- Directory
-4967 referrals support assumes all rewrites produce TGS principals
-4972 return edata from non-PA_REQUIRED preauth types
-4973 send a new request with the new padata returned by
- krb5_do_preauth_tryagain()
-
-Copyright and Other Legal Notices
----------------------------------
-
-Copyright (C) 1985-2007 by the Massachusetts Institute of Technology.
-
-All rights reserved.
-
-Export of this software from the United States of America may require
-a specific license from the United States Government. It is the
-responsibility of any person or organization contemplating export to
-obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. Furthermore if you modify this software you must label
-your software as modified software and not distribute it in such a
-fashion that it might be confused with the original MIT software.
-M.I.T. makes no representations about the suitability of this software
-for any purpose. It is provided "as is" without express or implied
-warranty.
-
-THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
-IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
-WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-
-Individual source code files are copyright MIT, Cygnus Support,
-Novell, OpenVision Technologies, Oracle, Red Hat, Sun Microsystems,
-FundsXpress, and others.
-
-Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
-and Zephyr are trademarks of the Massachusetts Institute of Technology
-(MIT). No commercial use of these trademarks may be made without
-prior written permission of MIT.
-
-"Commercial use" means use of a name in a product or other for-profit
-manner. It does NOT prevent a commercial firm from referring to the
-MIT trademarks in order to convey information (although in doing so,
-recognition of their trademark status should be given).
-
- --------------------
-
-Portions of src/lib/crypto have the following copyright:
-
- Copyright (C) 1998 by the FundsXpress, INC.
-
- All rights reserved.
-
- Export of this software from the United States of America may require
- a specific license from the United States Government. It is the
- responsibility of any person or organization contemplating export to
- obtain such a license before exporting.
-
- WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- distribute this software and its documentation for any purpose and
- without fee is hereby granted, provided that the above copyright
- notice appear in all copies and that both that copyright notice and
- this permission notice appear in supporting documentation, and that
- the name of FundsXpress. not be used in advertising or publicity pertaining
- to distribution of the software without specific, written prior
- permission. FundsXpress makes no representations about the suitability of
- this software for any purpose. It is provided "as is" without express
- or implied warranty.
-
- THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
- IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-
-
- --------------------
-
-The following copyright and permission notice applies to the
-OpenVision Kerberos Administration system located in kadmin/create,
-kadmin/dbutil, kadmin/passwd, kadmin/server, lib/kadm5, and portions
-of lib/rpc:
-
- Copyright, OpenVision Technologies, Inc., 1996, All Rights Reserved
-
- WARNING: Retrieving the OpenVision Kerberos Administration system
- source code, as described below, indicates your acceptance of the
- following terms. If you do not agree to the following terms, do not
- retrieve the OpenVision Kerberos administration system.
-
- You may freely use and distribute the Source Code and Object Code
- compiled from it, with or without modification, but this Source
- Code is provided to you "AS IS" EXCLUSIVE OF ANY WARRANTY,
- INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY OR
- FITNESS FOR A PARTICULAR PURPOSE, OR ANY OTHER WARRANTY, WHETHER
- EXPRESS OR IMPLIED. IN NO EVENT WILL OPENVISION HAVE ANY LIABILITY
- FOR ANY LOST PROFITS, LOSS OF DATA OR COSTS OF PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR
- CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, INCLUDING,
- WITHOUT LIMITATION, THOSE RESULTING FROM THE USE OF THE SOURCE
- CODE, OR THE FAILURE OF THE SOURCE CODE TO PERFORM, OR FOR ANY
- OTHER REASON.
-
- OpenVision retains all copyrights in the donated Source Code. OpenVision
- also retains copyright to derivative works of the Source Code, whether
- created by OpenVision or by a third party. The OpenVision copyright
- notice must be preserved if derivative works are made based on the
- donated Source Code.
-
- OpenVision Technologies, Inc. has donated this Kerberos
- Administration system to MIT for inclusion in the standard
- Kerberos 5 distribution. This donation underscores our
- commitment to continuing Kerberos technology development
- and our gratitude for the valuable work which has been
- performed by MIT and the Kerberos community.
-
- --------------------
-
- Portions contributed by Matt Crawford <crawdad@fnal.gov> were
- work performed at Fermi National Accelerator Laboratory, which is
- operated by Universities Research Association, Inc., under
- contract DE-AC02-76CHO3000 with the U.S. Department of Energy.
-
- --------------------
-
-The implementation of the Yarrow pseudo-random number generator in
-src/lib/crypto/yarrow has the following copyright:
-
- Copyright 2000 by Zero-Knowledge Systems, Inc.
-
- Permission to use, copy, modify, distribute, and sell this software
- and its documentation for any purpose is hereby granted without fee,
- provided that the above copyright notice appear in all copies and that
- both that copyright notice and this permission notice appear in
- supporting documentation, and that the name of Zero-Knowledge Systems,
- Inc. not be used in advertising or publicity pertaining to
- distribution of the software without specific, written prior
- permission. Zero-Knowledge Systems, Inc. makes no representations
- about the suitability of this software for any purpose. It is
- provided "as is" without express or implied warranty.
-
- ZERO-KNOWLEDGE SYSTEMS, INC. DISCLAIMS ALL WARRANTIES WITH REGARD TO
- THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
- FITNESS, IN NO EVENT SHALL ZERO-KNOWLEDGE SYSTEMS, INC. BE LIABLE FOR
- ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTUOUS ACTION, ARISING OUT
- OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
- --------------------
-
-The implementation of the AES encryption algorithm in
-src/lib/crypto/aes has the following copyright:
-
- Copyright (c) 2001, Dr Brian Gladman <brg@gladman.uk.net>, Worcester, UK.
- All rights reserved.
-
- LICENSE TERMS
-
- The free distribution and use of this software in both source and binary
- form is allowed (with or without changes) provided that:
-
- 1. distributions of this source code include the above copyright
- notice, this list of conditions and the following disclaimer;
-
- 2. distributions in binary form include the above copyright
- notice, this list of conditions and the following disclaimer
- in the documentation and/or other associated materials;
-
- 3. the copyright holder's name is not used to endorse products
- built using this software without specific written permission.
-
- DISCLAIMER
-
- This software is provided 'as is' with no explcit or implied warranties
- in respect of any properties, including, but not limited to, correctness
- and fitness for purpose.
-
- --------------------
-
-Portions contributed by Red Hat, including the pre-authentication
-plug-ins framework, contain the following copyright:
-
- Copyright (c) 2006 Red Hat, Inc.
- Portions copyright (c) 2006 Massachusetts Institute of Technology
- All Rights Reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions
- are met:
-
- * Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
-
- * Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials provided
- with the distribution.
-
- * Neither the name of Red Hat, Inc., nor the names of its
- contributors may be used to endorse or promote products derived
- from this software without specific prior written permission.
-
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
- IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
- TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
- PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
- OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
- --------------------
-
-The implementations of GSSAPI mechglue in GSSAPI-SPNEGO in
-src/lib/gssapi, including the following files:
-
- lib/gssapi/generic/gssapi_err_generic.et
- lib/gssapi/mechglue/g_accept_sec_context.c
- lib/gssapi/mechglue/g_acquire_cred.c
- lib/gssapi/mechglue/g_canon_name.c
- lib/gssapi/mechglue/g_compare_name.c
- lib/gssapi/mechglue/g_context_time.c
- lib/gssapi/mechglue/g_delete_sec_context.c
- lib/gssapi/mechglue/g_dsp_name.c
- lib/gssapi/mechglue/g_dsp_status.c
- lib/gssapi/mechglue/g_dup_name.c
- lib/gssapi/mechglue/g_exp_sec_context.c
- lib/gssapi/mechglue/g_export_name.c
- lib/gssapi/mechglue/g_glue.c
- lib/gssapi/mechglue/g_imp_name.c
- lib/gssapi/mechglue/g_imp_sec_context.c
- lib/gssapi/mechglue/g_init_sec_context.c
- lib/gssapi/mechglue/g_initialize.c
- lib/gssapi/mechglue/g_inquire_context.c
- lib/gssapi/mechglue/g_inquire_cred.c
- lib/gssapi/mechglue/g_inquire_names.c
- lib/gssapi/mechglue/g_process_context.c
- lib/gssapi/mechglue/g_rel_buffer.c
- lib/gssapi/mechglue/g_rel_cred.c
- lib/gssapi/mechglue/g_rel_name.c
- lib/gssapi/mechglue/g_rel_oid_set.c
- lib/gssapi/mechglue/g_seal.c
- lib/gssapi/mechglue/g_sign.c
- lib/gssapi/mechglue/g_store_cred.c
- lib/gssapi/mechglue/g_unseal.c
- lib/gssapi/mechglue/g_userok.c
- lib/gssapi/mechglue/g_utils.c
- lib/gssapi/mechglue/g_verify.c
- lib/gssapi/mechglue/gssd_pname_to_uid.c
- lib/gssapi/mechglue/mglueP.h
- lib/gssapi/mechglue/oid_ops.c
- lib/gssapi/spnego/gssapiP_spnego.h
- lib/gssapi/spnego/spnego_mech.c
-
-are subject to the following license:
-
- Copyright (c) 2004 Sun Microsystems, Inc.
-
- Permission is hereby granted, free of charge, to any person obtaining a
- copy of this software and associated documentation files (the
- "Software"), to deal in the Software without restriction, including
- without limitation the rights to use, copy, modify, merge, publish,
- distribute, sublicense, and/or sell copies of the Software, and to
- permit persons to whom the Software is furnished to do so, subject to
- the following conditions:
-
- The above copyright notice and this permission notice shall be included
- in all copies or substantial portions of the Software.
-
- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
- IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
- CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
- TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
- SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
- --------------------
-
-MIT Kerberos includes documentation and software developed at the
-University of California at Berkeley, which includes this copyright
-notice:
-
- Copyright (C) 1983 Regents of the University of California.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions
- are met:
-
- 1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials provided
- with the distribution.
-
- 3. Neither the name of the University nor the names of its
- contributors may be used to endorse or promote products derived
- from this software without specific prior written permission.
-
- THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS "AS IS" AND
- ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- SUCH DAMAGE.
-
- --------------------
-
-Portions contributed by Novell, Inc., including the LDAP database
-backend, are subject to the following license:
-
- Copyright (c) 2004-2005, Novell, Inc.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- * Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- * The copyright holder's name is not used to endorse or promote products
- derived from this software without specific prior written permission.
-
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
- LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-
- --------------------
-
-Portions funded by Sandia National Laboratory and developed by the
-University of Michigan's Center for Information Technology
-Integration, including the PKINIT implementation, are subject to the
-following license:
-
- COPYRIGHT (C) 2006-2007
- THE REGENTS OF THE UNIVERSITY OF MICHIGAN
- ALL RIGHTS RESERVED
-
- Permission is granted to use, copy, create derivative works
- and redistribute this software and such derivative works
- for any purpose, so long as the name of The University of
- Michigan is not used in any advertising or publicity
- pertaining to the use of distribution of this software
- without specific, written prior authorization. If the
- above copyright notice or any other identification of the
- University of Michigan is included in any copy of any
- portion of this software, then the disclaimer below must
- also be included.
-
- THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
- FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
- PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
- MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
- WITHOUT LIMITATION THE IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
- REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE
- FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR
- CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING
- OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN
- IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF
- SUCH DAMAGES.
-
- --------------------
-
-The pkcs11.h file included in the PKINIT code has the following
-license:
+DES transition
+--------------
- Copyright 2006 g10 Code GmbH
- Copyright 2006 Andreas Jellinghaus
+The Data Encryption Standard (DES) is widely recognized as weak. The
+krb5-1.7 release contains measures to encourage sites to migrate away
+from using single-DES cryptosystems. Among these is a configuration
+variable that enables "weak" enctypes, which defaults to "false"
+beginning with krb5-1.8.
- This file is free software; as a special exception the author gives
- unlimited permission to copy and/or distribute it, with or without
- modifications, as long as this notice is preserved.
+Major changes in 1.10
+---------------------
- This file is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY, to the extent permitted by law; without even
- the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
- PURPOSE.
+krb5-1.10 changes by ticket ID
+------------------------------
Acknowledgements
----------------
-Thanks to Red Hat for donating the pre-authentication plug-in
-framework.
-
-Thanks to Novell for donating the KDB abstraction layer and the LDAP
-database plug-in.
-
-Thanks to Sun Microsystems for donating their implementations of
-mechglue and SPNEGO.
-
-Thanks to the members of the Kerberos V5 development team at MIT, both
-past and present: Danilo Almeida, Jeffrey Altman, Justin Anderson,
-Richard Basch, Jay Berkenbilt, Mitch Berger, Andrew Boardman, Joe
-Calzaretta, John Carr, Don Davis, Alexandra Ellwood, Nancy Gilman,
-Matt Hancher, Sam Hartman, Paul Hill, Marc Horowitz, Eva Jacobus,
-Miroslav Jurisic, Barry Jaspan, Geoffrey King, Kevin Koch, John Kohl,
-Peter Litwack, Scott McGuire, Kevin Mitchell, Cliff Neuman, Paul Park,
-Ezra Peisach, Chris Provenzano, Ken Raeburn, Jon Rochlis, Jeff
-Schiller, Jen Selby, Brad Thompson, Harry Tsai, Ted Ts'o, Marshall
-Vale, Tom Yu.
+Past and present Sponsors of the MIT Kerberos Consortium:
+
+ Apple
+ Carnegie Mellon University
+ Centrify Corporation
+ Columbia University
+ Cornell University
+ The Department of Defense of the United States of America (DoD)
+ Google
+ Iowa State University
+ MIT
+ Michigan State University
+ Microsoft
+ The National Aeronautics and Space Administration
+ of the United States of America (NASA)
+ Network Appliance (NetApp)
+ Nippon Telephone and Telegraph (NTT)
+ Oracle
+ Pennsylvania State University
+ Red Hat
+ Stanford University
+ TeamF1, Inc.
+ The University of Alaska
+ The University of Michigan
+ The University of Pennsylvania
+
+Past and present members of the Kerberos Team at MIT:
+
+ Danilo Almeida
+ Jeffrey Altman
+ Justin Anderson
+ Richard Basch
+ Mitch Berger
+ Jay Berkenbilt
+ Andrew Boardman
+ Bill Bryant
+ Steve Buckley
+ Joe Calzaretta
+ John Carr
+ Mark Colan
+ Don Davis
+ Alexandra Ellwood
+ Dan Geer
+ Nancy Gilman
+ Matt Hancher
+ Thomas Hardjono
+ Sam Hartman
+ Paul Hill
+ Marc Horowitz
+ Eva Jacobus
+ Miroslav Jurisic
+ Barry Jaspan
+ Geoffrey King
+ Kevin Koch
+ John Kohl
+ HaoQi Li
+ Peter Litwack
+ Scott McGuire
+ Steve Miller
+ Kevin Mitchell
+ Cliff Neuman
+ Paul Park
+ Ezra Peisach
+ Chris Provenzano
+ Ken Raeburn
+ Jon Rochlis
+ Jeff Schiller
+ Jen Selby
+ Robert Silk
+ Bill Sommerfeld
+ Jennifer Steiner
+ Ralph Swick
+ Brad Thompson
+ Harry Tsai
+ Zhanna Tsitkova
+ Ted Ts'o
+ Marshall Vale
+ Tom Yu
+
+The following external contributors have provided code, patches, bug
+reports, suggestions, and valuable resources:
+
+ Brandon Allbery
+ Russell Allbery
+ Brian Almeida
+ Michael B Allen
+ Derek Atkins
+ David Bantz
+ Alex Baule
+ Arlene Berry
+ Jeff Blaine
+ Radoslav Bodo
+ Emmanuel Bouillon
+ Michael Calmer
+ Ravi Channavajhala
+ Srinivas Cheruku
+ Leonardo Chiquitto
+ Howard Chu
+ Andrea Cirulli
+ Christopher D. Clausen
+ Kevin Coffman
+ Simon Cooper
+ Sylvain Cortes
+ Nalin Dahyabhai
+ Roland Dowdeswell
+ Jason Edgecombe
+ Mark Eichin
+ Shawn M. Emery
+ Douglas E. Engert
+ Peter Eriksson
+ Ronni Feldt
+ Bill Fellows
+ JC Ferguson
+ William Fiveash
+ Ákos Frohner
+ Marcus Granado
+ Scott Grizzard
+ Helmut Grohne
+ Steve Grubb
+ Philip Guenther
+ Dominic Hargreaves
+ Jakob Haufe
+ Jeff Hodges
+ Love Hörnquist Åstrand
+ Ken Hornstein
+ Henry B. Hotz
+ Luke Howard
+ Jakub Hrozek
+ Shumon Huque
+ Jeffrey Hutzelman
+ Wyllys Ingersoll
+ Holger Isenberg
+ Pavel Jindra
+ Joel Johnson
+ Mikkel Kruse
+ Volker Lendecke
+ Jan iankko Lieskovsky
+ Ryan Lynch
+ Franklyn Mendez
+ Markus Moeller
+ Paul Moore
+ Zbysek Mraz
+ Edward Murrell
+ Nikos Nikoleris
+ Dmitri Pal
+ Javier Palacios
+ Ezra Peisach
+ W. Michael Petullo
+ Mark Phalan
+ Robert Relyea
+ Martin Rex
+ Jason Rogers
+ Mike Roszkowski
+ Guillaume Rousse
+ Tom Shaw
+ Peter Shoults
+ Simo Sorce
+ Michael Ströder
+ Bjørn Tore Sund
+ Rathor Vipin
+ Jorgen Wahlsten
+ Max (Weijun) Wang
+ John Washington
+ Marcus Watts
+ Simon Wilkinson
+ Nicolas Williams
+ Ross Wilper
+ Xu Qiang
+ Hanz van Zijst
+
+The above is not an exhaustive list; many others have contributed in
+various ways to the MIT Kerberos development effort over the years.
+Other acknowledgments (for bug reports and patches) are in the
+doc/CHANGES file.