From b14af627305784ed99eb9eb6368ea808245adf9c Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Thu, 13 Mar 2003 00:59:44 +0000 Subject: [PATCH] First cut release notes for 1.3 branch git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15276 dc483132-0cff-0310-8789-dd5450dbe970 --- README | 404 ++++++++++++++++++++++++++++++--------------------------- 1 file changed, 213 insertions(+), 191 deletions(-) diff --git a/README b/README index a74353d10..e161fcd70 100644 --- a/README +++ b/README @@ -1,19 +1,17 @@ -these were the - Kerberos Version 5, Release 1.2 + Kerberos Version 5, Release 1.3 Release Notes -which are be updated for the next release by The MIT Kerberos Team Unpacking the Source Distribution --------------------------------- The source distribution of Kerberos 5 comes in three gzipped tarfiles, -krb5-1.2.src.tar.gz, krb5-1.2.doc.tar.gz, and krb5-1.2.crypto.tar.gz. -The krb5-1.2.doc.tar.gz contains the doc/ directory and this README -file. The krb5-1.2.src.tar.gz contains the src/ directory and this +krb5-1.3.src.tar.gz, krb5-1.3.doc.tar.gz, and krb5-1.3.crypto.tar.gz. +The krb5-1.3.doc.tar.gz contains the doc/ directory and this README +file. The krb5-1.3.src.tar.gz contains the src/ directory and this README file, except for the crypto library sources, which are in -krb5-1.2.crypto.tar.gz. +krb5-1.3.crypto.tar.gz. Instruction on how to extract the entire distribution follow. These directions assume that you want to extract into a directory called @@ -23,21 +21,21 @@ If you have the GNU tar program and gzip installed, you can simply do: mkdir DIST cd DIST - gtar zxpf krb5-1.2.src.tar.gz - gtar zxpf krb5-1.2.crypto.tar.gz - gtar zxpf krb5-1.2.doc.tar.gz + gtar zxpf krb5-1.3.src.tar.gz + gtar zxpf krb5-1.3.crypto.tar.gz + gtar zxpf krb5-1.3.doc.tar.gz If you don't have GNU tar, you will need to get the FSF gzip distribution and use gzcat: mkdir DIST cd DIST - gzcat krb5-1.2.src.tar.gz | tar xpf - - gzcat krb5-1.2.crypto.tar.gz | tar xpf - - gzcat krb5-1.2.doc.tar.gz | tar xpf - + gzcat krb5-1.3.src.tar.gz | tar xpf - + gzcat krb5-1.3.crypto.tar.gz | tar xpf - + gzcat krb5-1.3.doc.tar.gz | tar xpf - -Both of these methods will extract the sources into DIST/krb5-1.2/src -and the documentation into DIST/krb5-1.2/doc. +Both of these methods will extract the sources into DIST/krb5-1.3/src +and the documentation into DIST/krb5-1.3/doc. Building and Installing Kerberos 5 ---------------------------------- @@ -70,8 +68,14 @@ If you are not able to use krb5-send-pr because you haven't been able compile and install Kerberos V5 on any platform, you may send mail to krb5-bugs@mit.edu. +You may view bug reports by visiting + +http://krbdev.mit.edu/rt/ + +and logging in as "guest" with password "guest". + Notes, Major Changes, and Known Bugs for 1.3 ------------------------------------- +-------------------------------------------- * We now install the compile_et program, so other packages can use the installed com_err library with their own error tables. (If you use @@ -106,194 +110,212 @@ Notes, Major Changes, and Known Bugs for 1.3 can be used to help the compiler and linker find the installed packages; see the build documentation for details. -Notes, Major Changes, and Known Bugs for 1.2, delete before shipping 1.3 ------------------------------------- - -* Triple DES support, for session keys as well as user or service - keys, should be nearly complete in this release. Much of the work - that has been needed is generic multiple-cryptosystem support, so - the addition of another cryptosystem should be much easier. - - * GSSAPI support for 3DES has been added. An Internet Draft is - being worked on that will describe how this works; it is not - currently standardized. Some backwards-compatibility issues in - this area mean that enabling 3DES support must be done with - caution; service keys that are used for GSSAPI must not be updated - to 3DES until the services themselves are upgraded to support 3DES - under GSSAPI. - -* DNS support for locating KDCs is enabled by default. DNS support - for looking up the realm of a host is compiled in but disabled by - default (due to some concerns with DNS spoofing). - - We recommend that you publish your KDC information through DNS even - if you intend to rely on config files at your own site; otherwise, - sites that wish to communicate with you will have to keep their - config files updated with your information. One of the goals of - this code is to reduce the client-side configuration maintenance - requirements as much as is possible, without compromising security. - - See the administrator's guide for information on setting up DNS - information for your realm. - - One important effect of this for developers is that on many systems, - "-lresolv" must be added to the compiler command line when linking - Kerberos programs. - - Configure-time options are available to control the inclusion of the - DNS code and the setting of the defaults. Entries in krb5.conf will - also modify the behavior if the code has been compiled in. - -* Numerous buffer-overrun problems have been found and fixed. Many of - these were in locations we don't expect can be exploited in any - useful way (for example, overrunning a buffer of MAXPATHLEN bytes if - a compiled-in pathname is too long, in a program that has no special - privileges). It may be possible to exploit a few of these to - compromise system security. - -* Partial support for IPv6 addresses has been added. It can be - enabled or disabled at configure time with --enable-ipv6 or - --disable-ipv6; by default, the configure script will search for - certain types and macros, and enable the IPv6 code if they're found. - The IPv6 support at this time mostly consists of including the - addresses in credentials. - -* A protocol change has been made to the "rcmd" suite (rlogin, rsh, - rcp) to address several security problems described in Kris - Hildrum's paper presented at NDSS 2000. New command-line options - have been added to control the selection of protocol, since the - revised protocol is not compatible with the old one. - -* A security problem in login.krb5 has been fixed. This problem was - only present if the krb4 compatibility code was not compiled in. - -* A security problem with ftpd has been fixed. An error in the in the - yacc grammar permitted potential root access. - -* The client programs kinit, klist and kdestroy have been changed to - incorporate krb4 support. New command-line options control whether - krb4 behavior, krb5 behavior, or both are used. - -* Patches from Frank Cusack for much better hardware preauth support - have been incorporated. - -* Patches from Matt Crawford extend the kadmin ACL syntax so that - restrictions can be imposed on what certain administrators may do to - certain accounts. - -* A KDC on a host with multiple network addresses will now respond to - a client from the address that the client used to contact it. The - means used to implement this will however cause the KDC not to - listen on network addresses configured after the KDC has started. - -Minor changes -------------- - -* New software using com_err should use the {add,remove}_error_table - interface rather than init_XXX_error_table; in fact, the latter - function in the generate C files will now call add_error_table - instead of messing with unprotected global variables. - - Karl Ramm has offered to look into reconciling the various - extensions and changes that have been made in different versions of - the MIT library, and the API used in the Heimdal equivalent. No - timeline is set for this work. - -* Some source files (including some header files we install) now have - annotations for use with the LCLint package from the University of - Virginia. LCLint, as of version 2.5q, is not capable of handling - much of the Kerberos code in its current form, at least not without - significantly restructuring the Kerberos code, but it has been used - in limited cases and has uncovered some bugs. We may try adding - more annotations in the future. - -Minor changes for 1.2, delete this section before shipping 1.3 -------------- - -* The shell code for searching for the Tcl package at configure time - has been modified. If a tclConfig.sh can be found, the information - it contains is used, otherwise the old searching method is tried. - Let us know if this new scheme causes any problems. - -* Shared library builds may work on HPUX, Rhapsody/MacOS X, and newer - Alpha systems now. - -* The Windows build will now include kvno and gss-sample. - -* The routine krb5_secure_config_files has been disabled. A new - routine, krb5_init_secure_context, has been added in its place. - -* The routine decode_krb5_ticket is now being exported as - krb5_decode_ticket. Any programs that used the old name (which - should be few) should be changed to use the new name; we will - probably eliminate the old name in the future. - -* The CCAPI-based credentials cache code has been changed to store the - local-clock time of issue and expiration rather than the KDC-clock - times. - -* On systems with large numbers of IP addresses, "kinit" should do a - better job of acquiring those addresses to put in the user's - credentials. - -* Several memory leaks in error cases in the gssrpc code have been +Major changes listed by ticket ID +--------------------------------- + +* [492] PRNG breakage on 64-bit platforms no longer an issue due to + new PRNG implementation. + +* [523] Client library is now compatible with the RC4-based + cryptosystem used by Windows 2000. + +* [709] krb4 long lifetime support has been implemented. + +* [880] krb5_gss_register_acceptor_identity() implemented (is called + gsskrb5_register_acceptor_identity() by Heimdal). + +* [1156, 1209] It is now possible to use the system com_err to build + this release. + +* [1174] TCP support added to client library. + +* [1175] TCP support added to the KDC, but is disabled by default. + +* [1176] autoconf-2.5x is now required by the build system. + +* [1184] It is now possible to use the system Berkeley/Sleepycat DB + library to build this release. + +* [1189, 1251] The KfM krb4 library source base has been merged. + +Minor changes listed by ticket ID +--------------------------------- + +* [90] default_principal_flags documented. + +* [175] Docs refer to appropriate example domains/IPs now. + +* [433] --includedir honored now. + +* [479] unused argument in try_krb4() in login.c deleted. + +* [608] login.krb5 handles SIGHUP more sanely now and thus avoids + getting the session into a weird state w.r.t. job control. + +* [620] krb4 encrypted rcp should work a little better now. Thanks to + Greg Hudson. + +* [673] Weird echoing of admin password in kadmin client worked around + by not using buffered stdio calls to read passwords. + +* [677] The build system has been reworked to allow the user to set + CFLAGS, LDFLAGS, CPPFLAGS, etc. reasonably. + +* [680] Related to [673], rewrite krb5_prompter_posix() to no longer + use longjmp(), thus avoiding some bugs relating to non-restoration + of terminal settings. + +* [697] login.krb5 no longer zeroes out the terminal window size. + +* [710] decomp_ticket() in libkrb4 now looks up the local realm name + more correctly. Thanks to Booker Bense. + +* [771] .rconf files are excluded from the release now. + +* [850] Berekely DB build is better integrated into the krb5 library + build process. + +* [866] lib/krb5/os/localaddr.c and kdc/network.c use a common source + for local address enumeration now. + +* [919] kdc/network.c problems relating to SIOCGIFCONF have been + fixed. + +* [922] An overflow in the string-to-time conversion routines has been fixed. -* A bug with login clobbering some internal static storage on AIX has - been fixed. +* [935] des-cbc-md4 now included in default enctypes. + +* [953] des3 no longer failing on Windows due to SHA1 implementation + problems. + +* [971] option parsing bugs rendered irrelevant by removal of unused + gss mechanism. + +* [986] Related to [677], problems with the ordering of LDFLAGS + initialization rendered irrelevant by use of native autoconf + idioms. + +* [992] Related to [677], quirks with --with-cc no longer relevant as + AC_PROG_CC is used instead now. + +* [999] kdc_default_options now honored in gss context initialization. + +* [1006] Client library, as well as KDC, now perform reasonable + sorting of ETYPE-INFO preauthentication data. + +* [1055] NULL pointer dereferences in code calling + krb5_change_password() have been fixed. + +* [1063] Initial credentials acquisition failures related to client + host having a large number of local network interfaces should be + fixed now. + +* [1065, 1225] krb5_get_init_creds_password() should properly warn about + password expiration. + +* [1066] printf() argument mismatches in rpc unit tests fixed. + +* [1087] ftpd no longer requires channel bindings, allowing easier use + of ftp from behind a NAT. + +* [1102] gssapi_generic.h should now work with C++. + +* [1164] krb5_auth_con_gen_addrs() now properly returns errno instead + of -1 if getpeername() fails. + +* [1178, 1228, 1244, 1246, 1249] Test suite has been stabilized + somewhat. + +* [1188] As part of the modernization of our usage of autoconf, + AC_CONFIG_FILES is now used instead of passing a list of files to + AC_OUTPUT. + +* [1194] configure will no longer recurse out of the top of the source + tree when attempting to locate the top of the source tree. + +* [1195] Example krb5.conf file modified to include all enctypes + supported by the release. + +* [1211] The ASN.1 code no longer passes (harmless) uninitialized + values around. + +* [1212] libkadm5 now allows for persistent exclusive database locks. + +* [1217] krb5_read_password() and des_read_password() are now + implemented via krb5_prompter_posix(). + +* [1224] For SAM challenges, omitted optional strings are no longer + encoded as zero-length strings. + +* [1226] Client-side support for SAM hardware-based preauth + implemented. + +* [1232] If the master KDC cannot be resolved, but a slave is + reachable, the client library now returns the real error from the + slave rather than the resolution failure from the master. Thanks to + Ben Cox. + +* [1234] Assigned numbers for SAM preauth have been corrected. + sam-pk-for-sad implementation has been aligned. + +* [1237] Profile-sharing optimizations from KfM have been merged. + +* [1240] Windows calling conventions for krb5int_c_combine_keys() have + been aligned. + +* [1256] Incorrect sizes passed to memset() in combine_keys() + operations have been corrected. + +* [1260] Client credential lookup now gets new service tickets in + preference to attempting to use expired ticketes. Thanks to Ben + Cox. + +* [1284] kshd accepts connections by IPv6 now. + +* [1292] kvno manpage title fixed. + +* [1293] Source files no longer explicitly attempt to declare errno. -* Per-library initialization and cleanup functions have been added, - for use in configurations that dynamically load and unload these - libraries. +* [1304] kadmind4 no longer leaves sa_flags uninitialized. -* Many compile-time warnings have been fixed. +* [1309] krb5_send_tgs() no longer leaks the storage associated with + the TGS-REQ. -* The GSS sample programs have been updated to exercise more of the - API. +* [1310] kadm5_get_either() no longer leaks regexp library memory. -* The telnet server should produce a more meaningful error message if - authentication is required but not provided. +* [1311] Output from krb5-config no longer contains spurious uses of + $(PURE). -* Changes have been made to ksu to make it more difficult to use it to - leak information the user does not have access to. +* [1346] gss_krb5_ccache_name() no longer attempts to return a pointer + to freed memory. -* The sample config file information for the CYGNUS.COM realm has been - updated, and the GNU.ORG realm has been added. +* [1356] krb5_gss_accept_sec_context() no longer attempts to validate + a null credential if one is passed in. -* A configure-time option has been added to enable a replay cache in - the KDC. We recommend its use when hardware preauthentication is - being used. It is enabled by default, and can be disabled if - desired with the configure-time option --disable-kdc-replay-cache. +* [1357] krb__get_srvtab_name() no longer leaks memory. -* Some new routines have been added to the library and krb5.h. +* [1373] Handling of SAM preauth no longer attempts to stuff a size_t + into an unsigned int. -* A new routine has been added to the prompter interface to allow the - application to determine which of the strings prompted for is the - user's password, in case it is needed for other purposes. +[ DELETE BEFORE RELEASE ---changes to unreleased code, etc.--- ] -* The remote kadmin interface has been enhanced to support the - specification of key/salt types for a principal. +* [1054] KRB-CRED messages for RC4 are encrypted now. -* New keytab entries' key values can now be specified manually with a - new command in the ktutil program. +* [1177] krb5-1-2-2-branch merged onto trunk. -* A longstanding bug where certain krb4 exchanges using the - compatibility library between systems with different byte orders - would fail half the time has been fixed. +* [1193] Punted comment about reworking key storage architecture. -* A source file under the GPL has been replaced with an equivalent - under the BSD license. The file, strftime.c, was part of one of the - OpenVision admin system applications, and was only used on systems - that don't have strftime() in their C libraries. +* [1208] install-headers target implemented. -* Many bug reports are still outstanding in our database. We are - continuing to work on this backlog. +* [1223] asn1_decode_oid, asn1_encode_oid implemented +* [1276] Generated dependencies handle --without-krb4 properly now. Copyright Notice and Legal Administrivia ---------------------------------------- -Copyright (C) 1985-2000 by the Massachusetts Institute of Technology. +Copyright (C) 1985-2003 by the Massachusetts Institute of Technology. All rights reserved. @@ -459,7 +481,7 @@ Thanks to Doug Engert from ANL for providing many bug fixes, as well as testing to ensure DCE interoperability. Thanks to Ken Hornstein at NRL for providing many bug fixes and -suggestions. +suggestions, and for working on SAM preauthentication. Thanks to Matt Crawford at FNAL for bugfixes and enhancements. @@ -473,10 +495,10 @@ Thanks to Christopher Thompson and Marcus Watts for discovering the ftpd security bug. Thanks to the members of the Kerberos V5 development team at MIT, both -past and present: Danilo Almeida, Jay Berkenbilt, Richard Basch, John -Carr, Don Davis, Alexandra Ellwood, Nancy Gilman, Matt Hancher, Sam -Hartman, Paul Hill, Marc Horowitz, Eva Jacobus, Miroslav Jurisic, -Barry Jaspan, Geoffrey King, John Kohl, Peter Litwack, Scott McGuire, -Kevin Mitchell, Cliff Neuman, Paul Park, Ezra Peisach, Chris -Provenzano, Ken Raeburn, Jon Rochlis, Jeff Schiller, Brad Thompson, -Harry Tsai, Ted Ts'o, Marshall Vale, Tom Yu. +past and present: Danilo Almeida, Jay Berkenbilt, Richard Basch, Mitch +Berger, John Carr, Don Davis, Alexandra Ellwood, Nancy Gilman, Matt +Hancher, Sam Hartman, Paul Hill, Marc Horowitz, Eva Jacobus, Miroslav +Jurisic, Barry Jaspan, Geoffrey King, John Kohl, Peter Litwack, Scott +McGuire, Kevin Mitchell, Cliff Neuman, Paul Park, Ezra Peisach, Chris +Provenzano, Ken Raeburn, Jon Rochlis, Jeff Schiller, Jen Selby, Brad +Thompson, Harry Tsai, Ted Ts'o, Marshall Vale, Tom Yu. -- 2.26.2