From 409658a3d104aaf80e35034bf5025ea9981b22a4 Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Wed, 22 Dec 2010 20:36:11 +0000 Subject: [PATCH] README and patchlevel.h for krb5-1.9 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24586 dc483132-0cff-0310-8789-dd5450dbe970 --- README | 64 +++++++++++++++++++++++++++++++++--------------- src/patchlevel.h | 4 +-- 2 files changed, 46 insertions(+), 22 deletions(-) diff --git a/README b/README index 766a02a71..052a0ddbb 100644 --- a/README +++ b/README @@ -60,17 +60,30 @@ beginning with krb5-1.8. Major changes in 1.9 -------------------- +Additional background information on these changes may be found at + + http://k5wiki.kerberos.org/wiki/Release_1.9 + +and + + http://k5wiki.kerberos.org/wiki/Category:Release_1.9_projects + Code quality: -* Fix MITKRB5-SA-2010-007 checksum vulnerabilities (CVE-2010-1324 and others) -* Python-based testing framework -* DAL cleanup +* Fix MITKRB5-SA-2010-007 checksum vulnerabilities (CVE-2010-1324 and + others). + +* Add a Python-based testing framework. + +* Perform DAL cleanup. Developer experience: -* NSS crypto back end -* PRNG modularity -* Fortuna-like PRNG +* Add NSS crypto back end. + +* Improve PRNG modularity. + +* Add a Fortuna-like PRNG back end. Performance: @@ -78,32 +91,42 @@ Performance: account lockout functionality to reduce the number of write operations to the database during authentication +* Add support for multiple KDC worker processes. + Administrator experience: -* Trace logging -- for easier diagnosis of configuration problems +* Add Trace logging support to ease the diagnosis of configuration + problems. -* Support for purging old keys (e.g. from "cpw -randkey -keepold") +* Add support for purging old keys (e.g. from "cpw -randkey -keepold"). -* Plugin interface for password sync -- based on proposed patches by - Russ Allbery that support his krb5-sync package +* Add plugin interface for password sync -- based on proposed patches + by Russ Allbery that support his krb5-sync package -* Plugin interface for password quality checks -- enables pluggable - password quality checks similar to Russ Allbery's krb5-strength - package +* Add plugin interface for password quality checks -- enables + pluggable password quality checks similar to Russ Allbery's + krb5-strength package. -* Configuration file validator +* Add a configuration file validator script. -* KDC support for SecurID preauthentication -- This is the old SAM-2 - protocol, implemented to support existing deployments, not the +* Add KDC support for SecurID preauthentication -- this is the old + SAM-2 protocol, implemented to support existing deployments, not the in-progress FAST-OTP work. +* Add "cheat" capability for kinit when running on a KDC host. + Protocol evolution: -* IAKERB -- a mechanism for tunneling Kerberos KDC transactions over - GSS-API, enabling clients to authenticate to services even when the - clients cannot directly reach the KDC that serves the services. +* Add support for IAKERB -- a mechanism for tunneling Kerberos KDC + transactions over GSS-API, enabling clients to authenticate to + services even when the clients cannot directly reach the KDC that + serves the services. + +* Add support for Camellia encryption (experimental; disabled by + default). -* Camellia encryption (experimental; disabled by default) +* Add GSS-API support for implementors of the SASL GS2 bridge + mechanism. krb5-1.9 changes by ticket ID ----------------------------- @@ -157,6 +180,7 @@ krb5-1.9 changes by ticket ID 6791 kadm5_hook: new plugin interface 6792 Implement k5login_directory and k5login_authoritative options 6793 acquire_init_cred leaks interned name +6794 krb5.conf manpage missing reference to rdns setting 6795 Propagate modprinc -unlock from master to slave KDCs 6796 segfault due to uninitialized variable in S4U 6799 Performance issue in LDAP policy fetch diff --git a/src/patchlevel.h b/src/patchlevel.h index 51e24b416..7b0c6ac2a 100644 --- a/src/patchlevel.h +++ b/src/patchlevel.h @@ -53,6 +53,6 @@ #define KRB5_MAJOR_RELEASE 1 #define KRB5_MINOR_RELEASE 9 #define KRB5_PATCHLEVEL 0 -#define KRB5_RELTAIL "beta3-postrelease" +/* #undef KRB5_RELTAIL */ /* #undef KRB5_RELDATE */ -#define KRB5_RELTAG "branches/krb5-1-9" +#define KRB5_RELTAG "tags/krb5-1-9-final" -- 2.26.2