Kerberos Version 5, Release 1.9

Copyright and Other Notices
---------------------------

Copyright (C) 1985-2010 by the Massachusetts Institute of Technology
and its contributors.  All rights reserved.

Please see the file named NOTICE for additional notices.

Building and Installing Kerberos 5
----------------------------------

The first file you should look at is doc/install-guide.ps; it contains
the notes for building and installing Kerberos 5.  The info file
krb5-install.info has the same information in info file format.  You
can view this using the GNU emacs info-mode, or by using the
standalone info file viewer from the Free Software Foundation.  This
is also available as an HTML file, install.html.

Other good files to look at are admin-guide.ps and user-guide.ps,
which contain the system administrator's guide, and the user's guide,
respectively.  They are also available as info files
kerberos-admin.info and krb5-user.info, respectively.  These files are
also available as HTML files.

If you are attempting to build under Windows, please see the
src/windows/README file.

Please report any problems/bugs/comments using the krb5-send-pr
program.  The krb5-send-pr program will be installed in the sbin
directory once you have successfully compiled and installed Kerberos
V5 (or if you have installed one of our binary distributions).

If you are not able to use krb5-send-pr because you haven't been able
to compile and install Kerberos V5 on any platform, you may send mail to

You may view bug reports by visiting

    http://krbdev.mit.edu/rt/

and logging in as "guest" with password "guest".

The Data Encryption Standard (DES) is widely recognized as weak.  The
krb5-1.7 release contains measures to encourage sites to migrate away
from using single-DES cryptosystems.  Among these is a configuration
variable that enables "weak" enctypes, which defaults to "false"
beginning with krb5-1.8.
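
Added example (not part of the MIT distribution): a small Python audit
of a krb5.conf for the settings the paragraph above is about.  It assumes
the variable is the [libdefaults] relation allow_weak_crypto and that
enctype lists are set in default_tkt_enctypes, default_tgs_enctypes and
permitted_enctypes; both sample configurations are constructed.

```python
import re

# Single-DES enctype names accepted in krb5.conf, plus the "des" family alias.
SINGLE_DES = {"des", "des-cbc-crc", "des-cbc-md4", "des-cbc-md5",
              "des-cbc-raw", "des-hmac-sha1"}
ENCTYPE_KEYS = ("default_tkt_enctypes", "default_tgs_enctypes",
                "permitted_enctypes")
TRUE_VALUES = {"y", "yes", "true", "t", "1", "on"}

# Constructed sample configurations (assumed names, not from a real site).
WEAK_CONF = """[libdefaults]
    default_realm = EXAMPLE.COM
    allow_weak_crypto = true
    default_tkt_enctypes = aes256-cts des-cbc-crc
    permitted_enctypes = aes256-cts, des-cbc-md5 des3-cbc-sha1
[realms]
    EXAMPLE.COM = {
        kdc = kdc.example.com
    }
"""
MIGRATED_CONF = """[libdefaults]
    default_realm = EXAMPLE.COM
    permitted_enctypes = aes256-cts aes128-cts
"""

def parse_libdefaults(text):
    """Return the key/value relations found in the [libdefaults] section."""
    section, values = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "libdefaults" and "=" in line:
            key, _, value = line.partition("=")
            values[key.strip()] = value.strip()
    return values

def audit(text):
    """List settings that keep, or try to keep, single-DES in use."""
    conf = parse_libdefaults(text)
    weak_on = conf.get("allow_weak_crypto", "false").lower() in TRUE_VALUES
    findings = ["allow_weak_crypto is enabled"] if weak_on else []
    note = "" if weak_on else " (filtered while allow_weak_crypto is off)"
    for key in ENCTYPE_KEYS:
        for entry in re.split(r"[\s,]+", conf.get(key, "").lower()):
            if entry.startswith("-"):        # "-des" removes an enctype
                continue
            if entry.lstrip("+") in SINGLE_DES:
                findings.append(f"{key} lists single-DES enctype {entry.lstrip('+')}{note}")
    return findings
```

An empty list from audit() means neither the variable nor any explicit
enctype list is holding the configuration on single-DES.
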

* Python-based testing framework

* Account lockout performance improvements

Administrator experience:

* Plugin interface for password sync
* Plugin interface for password quality checks
* Configuration file validator
* KDC support for SecurID preauthentication

* Camellia encryption (experimental; disabled by default)

krb5-1.9 changes by ticket ID
-----------------------------

2032 No advanced warning of password expiry
5014 kadmin (and other utilities) should report enctypes as it takes them
6647 Memory leak in kdc
6672 Python test framework
6679 Lazy history key creation
6684 Simple kinit verbosity patch
6686 IPv6 support for kprop and kpropd
6688 mit-krb5-1.7 fails to compile against openssl-1.0.0
6699 Validate and renew should work on non-TGT creds
6700 Introduce new krb5_tkt_creds API
6712 Add IAKERB mechanism and gss_acquire_cred_with_password
6714 [patch] fix format errors in krb5-1.8.1
6715 cksum_body exports
6719 Add lockout-related performance tuning variables
6720 Negative enctypes improperly read from keytabs
6723 Negative enctypes improperly read from ccaches
6733 Make signedpath authdata visible via GSS naming exts
6736 Add krb5_enctype_to_name() API
6746 Make kadmin work over IPv6
6749 DAL improvements
6753 Fix XDR decoding of large values in xdr_u_int
6755 Add GIC option for password/account expiration callback
6758 Allow krb5_gss_register_acceptor_identity to unset keytab name
6760 Fail properly when profile can't be accessed
6761 add profile include support
6762 key expiration computed incorrectly in libkdb_ldap
6763 New plugin infrastructure
6765 Password quality pluggable interface
6769 clean up memory leak and potential unused variable in crypto tests
6771 Fix memory leaks in kdb5_verify
6772 Ensure valid key in krb5int_yarrow_cipher_encrypt_block
6774 pkinit client cert matching can be disrupted by one of the
6775 pkinit <KU> evaluation during certificate matching may fail
6776 Typos in src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
6777 Segmentation fault in krb library (sn2princ.c) if realm not resolved
6778 kdb: store mkey list in context and permit NULL mkey for
     kdb_dbe_decrypt_key_data
6779 kinit: add KDB keytab support
6783 KDC worker processes feature
6784 relicense Sun RPC to 3-clause BSD-style
6785 Add gss_krb5_import_cred
6786 kpasswd: if a credential cache is present, use FAST
6791 kadm5_hook: new plugin interface
6792 Implement k5login_directory and k5login_authoritative options
6793 acquire_init_cred leaks interned name
6795 Propagate modprinc -unlock from master to slave KDCs
6796 segfault due to uninitialized variable in S4U
6799 Performance issue in LDAP policy fetch
6801 Fix leaks in get_init_creds interface
6802 copyright notice updates
6804 Remove KDC replay cache
6805 securID code fixes
6806 securID error handling fix
6807 SecurID build support
6809 gss_krb5int_make_seal_token_v3_iov fails to set conf_state
6810 Better libk5crypto NSS fork safety
6811 Mark Camellia-CCM code as experimental
6812 krb5_get_credentials should not fail due to inability to store
     a credential in a cache

Past and present Sponsors of the MIT Kerberos Consortium:

    Carnegie Mellon University
    The Department of Defense of the United States of America (DoD)
    Iowa State University
    Michigan State University
    The National Aeronautics and Space Administration
      of the United States of America (NASA)
    Network Appliance (NetApp)
    Nippon Telephone and Telegraph (NTT)
    Pennsylvania State University
    The University of Alaska
    The University of Michigan
    The University of Pennsylvania

Past and present members of the Kerberos Team at MIT:

The following external contributors have provided code, patches, bug
reports, suggestions, and valuable resources:

    Christopher D. Clausen
    Love Hörnquist Åstrand
    Jan iankko Lieskovsky

The above is not an exhaustive list; many others have contributed in
various ways to the MIT Kerberos development effort over the years.
Other acknowledgments (for bug reports and patches) are in the