- Kerberos Version 5, Release 1.0
+these were the
+ Kerberos Version 5, Release 1.1
Release Notes
-
+which will be updated before the next release by
The MIT Kerberos Team
Unpacking the Source Distribution
---------------------------------
The source distribution of Kerberos 5 comes in three gzipped tarfiles,
-krb5-1.0.src.tar.gz, krb5-1.0.doc.tar.gz, and krb5-1.0.crypto.tar.gz.
-The krb5-1.0.doc.tar.gz contains the doc/ directory and this README
-file. The krb5-1.0.src.tar.gz contains the src/ directory and this
+krb5-1.1.src.tar.gz, krb5-1.1.doc.tar.gz, and krb5-1.1.crypto.tar.gz.
+The krb5-1.1.doc.tar.gz contains the doc/ directory and this README
+file. The krb5-1.1.src.tar.gz contains the src/ directory and this
README file, except for the crypto library sources, which are in
-krb5-1.0.crypto.tar.gz.
+krb5-1.1.crypto.tar.gz.
Instruction on how to extract the entire distribution follow. These
directions assume that you want to extract into a directory called
mkdir DIST
cd DIST
- gtar zxpf krb5-1.0.src.tar.gz
- gtar zxpf krb5-1.0.crypto.tar.gz
- gtar zxpf krb5-1.0.doc.tar.gz
+ gtar zxpf krb5-1.1.src.tar.gz
+ gtar zxpf krb5-1.1.crypto.tar.gz
+ gtar zxpf krb5-1.1.doc.tar.gz
If you don't have GNU tar, you will need to get the FSF gzip
distribution and use gzcat:
mkdir DIST
cd DIST
- gzcat krb5-1.0.src.tar.gz | tar xpf -
- gzcat krb5-1.0.crypto.tar.gz | tar xpf -
- gzcat krb5-1.0.doc.tar.gz | tar xpf -
-
-Both of these methods will extract the sources into DIST/krb5-1.0/src
-and the documentation into DIST/krb5-1.0/doc.
-
-Unpacking the Binary Distribution
----------------------------------
-
-Binary distributions of Kerberos V5 are provided merely as convenience
-to those people who wish to try out Kerberos V5 without needing to do
-a full compile of Kerberos.
-
-MIT and the MIT Kerberos V5 development team make no guarantees that
-we will continue to supply binary distributions for future releases of
-Kerberos V5, or for any operating system/platform in particular.
-These binary distributions have been prepared by members of the MIT
-Kerberos V5 development team, or by volunteers who have graciously
-agreed to test the pre-release snapshot. Each binary build is PGP
-signed by the person who prepared the binary distribution for that
-particular platform.
-
-While the binary distribution is *supposed* to correspond exactly to
-the 1.0 Kerberos V5 source release, you have no way of knowing whether
-the person who prepared the binary release might have inserted a
-trojan horse, or a trapdoor. For all you know, the binary
-distribution might be mailing all of your Kerberos keys to
-kremvax!boris. (The same is true for the source distribution, but at
-least you can audit the code yourself!)
-
-For this reason, if you are planning on using Kerberos V5 in
-production, we strongly suggest that you obtain the source
-distribution and compile it from source yourself.
-
-The binary distributions have been compiled so that they will install
-in /usr/local. To install, su to root and and type the command:
-
- cd /usr/local
- gunzip < /tmp/krb5-1.0.<platform>.tar.gz | tar xvf -
+ gzcat krb5-1.1.src.tar.gz | tar xpf -
+ gzcat krb5-1.1.crypto.tar.gz | tar xpf -
+ gzcat krb5-1.1.doc.tar.gz | tar xpf -
+Both of these methods will extract the sources into DIST/krb5-1.1/src
+and the documentation into DIST/krb5-1.1/doc.
Building and Installing Kerberos 5
----------------------------------
compile and install Kerberos V5 on any platform, you may send mail to
krb5-bugs@mit.edu.
-Notes and Major Changes
------------------------
-
-* We are now using the GNATS system to track bug reports for Kerberos
-V5. It is therefore helpful for people to use the krb5-send-pr
-program when reporting bugs. The old interface of sending mail to
-krb5-bugs@mit.edu will still work; however, bug reports sent in this
-fashion may experience a delay in being processed.
-
-* The default keytab name has changed from /etc/v5srvtab to
-/etc/krb5.keytab.
-
-* login.krb5 no longer defaults to getting krb4 tickets.
-
-* The Windows (win16) DLL, LIBKRB5.DLL, has been renamed to
-KRB5_16.DLL. This change was necessary to distinguish it from the
-win32 version, which will be named KRB5_32.DLL. Note that the
-GSSAPI.DLL file has not been renamed, because this name was specified
-in a draft standard for the Windows 16 GSSAPI bindings. (The 32-bit
-version of the GSSAPI DLL will be named GSSAPI32.DLL.)
-
-* The directory structure used for installations has changed. In
-particular, files previously located in $prefix/lib/krb5kdc are now
-normally located in $sysconfdir/krb5kdc. With the normal configure
-options, this means the KDC database goes in /usr/local/var/krb5kdc by
-default. If you wish to have the old behavior, then you would use a
-configure line like the following:
-
- configure --prefix=/usr/local --sysconfdir=/usr/local/lib
-
-* kshd has been modified to accept krb4 encrypted rcp connections; for
-this to work, the v4rcp program must be in the bin directory.
-
-* The gssrpc library has symbol collisions with the rpc library in
-some of the libcs in certain operating systems without shared
-libraries, notably some ports of NetBSD and MkLinux. For those
-platforms which have rpc in libc and also contain NIS in libc,
-compiling with static libraries will not work because of this
-conflict. NetBSD users can either upgrade to the current tree, which
-includes shared libraries for more ports, choose not to build kadmind
-or kadmin, or recompile NetBSD without NIS support. MkLinux users
-must either recompile without NIS or not build the administration
-system.
+Notes, Major Changes, and Known Bugs
+------------------------------------
+
+* Triple DES support is included; however, it is only usable for
+ service keys at the moment, due to a large number of compatibility
+ issues. For example, the GSSAPI library has some (buggy) support
+ for a triple DES session key, but it is intentionally disabled.
+ More here later.
+
+* The lib/rpc tests do not appear to work under NetBSD-1.4, for
+ reasons that are not completely clear at the moment, but probably
+ have something to do with portmapper interfacing. This should not
+ affect other operations, such as kadmind operation.
+
+* Shared library builds are under a new framework; at this point only
+ Solaris, Irix, NetBSD, and possibly Linux are known to work. All
+ other working shared library builds may be figments of your
+ imagination.
+
+* Many existing databases, especially those converted from krb4
+ original databases, may contain expiration dates in 1999. You
+ should make sure to update these expiration dates, and also change
+ any config file entries that have two-digit years.
+
+* Not all reported bugs have been fixed in this release, due to time
+ constraints. We are planning to make another release in the near
+ future with more complete triple DES support, and additional
+ bugfixes. Many of the bugs in our database are reported against
+ what is now quite old code, or require hardware that we do not have,
+ which make them difficult to reproduce and debug. We will work on
+ these older bugs and some externally submitted patches for the
+ following release.
Copyright Notice and Legal Administrivia
----------------------------------------
-Copyright (C) 1996 by the Massachusetts Institute of Technology.
+Copyright (C) 1985-1999 by the Massachusetts Institute of Technology.
All rights reserved.
WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
Individual source code files are copyright MIT, Cygnus Support,
-OpenVision, Oracle, Sun Soft, and others.
+OpenVision, Oracle, Sun Soft, FundsXpress, and others.
Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
and Zephyr are trademarks of the Massachusetts Institute of Technology
their many suggestions and bug fixes.
Thanks to the members of the Kerberos V5 development team at MIT, both
-past and present: Jay Berkenbilt, Richard Basch, John Carr, Don
-Davis, Nancy Gilman, Sam Hartman, Marc Horowitz, Barry Jaspan, John
-Kohl, Cliff Neuman, Kevin Mitchell, Paul Park, Ezra Peisach, Chris
-Provenzano, Jon Rochlis, Jeff Schiller, Harry Tsai, Ted Ts'o, Tom Yu.
+past and present: Danillo Almeida, Jay Berkenbilt, Richard Basch, John
+Carr, Don Davis, Alexis Ellwood, Nancy Gilman, Matt Hancher, Sam
+Hartman, Paul Hill, Marc Horowitz, Eva Jacobus, Barry Jaspan, Geoffrey
+King, John Kohl, Scott McGuire, Kevin Mitchell, Cliff Neuman, Paul
+Park, Ezra Peisach, Chris Provenzano, Ken Raeburn, Jon Rochlis, Jeff
+Schiller, Harry Tsai, Ted Ts'o, Marshall Vale, Tom Yu.