1 Kerberos Version 5, Release 1.8
6 Unpacking the Source Distribution
7 ---------------------------------
9 The source distribution of Kerberos 5 comes in a gzipped tarfile,
10 krb5-1.8.tar.gz. Instructions on how to extract the entire
13 If you have the GNU tar program and gzip installed, you can simply do:
15 gtar zxpf krb5-1.8.tar.gz
17 If you don't have GNU tar, you will need to get the FSF gzip
18 distribution and use gzcat:
20 gzcat krb5-1.8.tar.gz | tar xpf -
22 Both of these methods will extract the sources into krb5-1.8/src and
23 the documentation into krb5-1.8/doc.
25 Building and Installing Kerberos 5
26 ----------------------------------
28 The first file you should look at is doc/install-guide.ps; it contains
29 the notes for building and installing Kerberos 5. The info file
30 krb5-install.info has the same information in info file format. You
31 can view this using the GNU emacs info-mode, or by using the
32 standalone info file viewer from the Free Software Foundation. This
33 is also available as an HTML file, install.html.
35 Other good files to look at are admin-guide.ps and user-guide.ps,
36 which contain the system administrator's guide, and the user's guide,
37 respectively. They are also available as info files
38 kerberos-admin.info and krb5-user.info, respectively. These files are
39 also available as HTML files.
41 If you are attempting to build under Windows, please see the
42 src/windows/README file.
47 Please report any problems/bugs/comments using the krb5-send-pr
48 program. The krb5-send-pr program will be installed in the sbin
49 directory once you have successfully compiled and installed Kerberos
50 V5 (or if you have installed one of our binary distributions).
52 If you are not able to use krb5-send-pr because you haven't been able
53 compile and install Kerberos V5 on any platform, you may send mail to
56 You may view bug reports by visiting
58 http://krbdev.mit.edu/rt/
60 and logging in as "guest" with password "guest".
65 The Data Encryption Standard (DES) is widely recognized as weak. The
66 krb5-1.7 release contains measures to encourage sites to migrate away
67 from using single-DES cryptosystems. Among these is a configuration
68 variable that enables "weak" enctypes, which defaults to "false"
69 beginning with krb5-1.8.
74 The krb5-1.8 release contains a large number of changes, featuring
75 improvements in the following broad areas:
81 * Administrator experience
86 * Move toward test-driven development -- new features have test code,
87 or at least written testing procedures.
89 * Increase conformance to coding style
91 + "The great reindent"
93 + Selective refactoring
97 * Crypto modularity -- vendors can more easily substitute their own
98 crypto implementations, which might be hardware-accelerated or
99 validated to FIPS 140, for the builtin crypto implementation that
100 has historically shipped as part of MIT Kerberos. Currently, only
101 an OpenSSL provider is included, but others are possible.
103 * Move toward improved KDB interface
105 * Improved API for verifying and interrogating authorization data
109 * Investigate and remedy repeatedly-reported performance bottlenecks.
111 * Encryption performance -- new crypto API with opaque key structures,
112 to allow for optimizations such as caching of derived keys
116 * Reduce DNS dependence by implementing an interface that allows
117 client library to track whether a KDC supports service principal
120 Administrator experience:
122 * Disable DES by default -- this reduces security exposure from using
123 an increasingly insecure cipher.
125 * More versatile crypto configuration, to simplify migration away from
126 DES -- new configuration syntax to allow inclusion and exclusion of
127 specific algorithms relative to a default set.
129 * Account lockout for repeated login failures -- mitigates online
130 password guessing attacks, and helps with some enterprise regulatory
135 * FAST enhancements -- preauthentication framework enhancements
137 * Microsoft Services for User (S4U) compatibility: S4U2Self, also
138 known as "protocol transition", allows for service to ask a KDC for
139 a ticket to themselves on behalf of a client authenticated via a
140 different means; S4U2Proxy allows a service to ask a KDC for a
141 ticket to another service on behalf of a client.
143 * Anonymous PKINIT -- allows the use of public-key cryptography to
144 anonymously authenticate to a realm
146 krb5-1.8 changes by ticket ID
147 -----------------------------
149 5468 delete kadmin v1 support
150 6206 new API for storing extra per-principal data in ccache
151 6434 krb5_cc_resolve() will crash if a null name param is provided
152 6454 Make krb5_mkt_resolve error handling work
153 6510 Restore limited support for static linking
154 6539 Enctype list configuration enhancements
155 6547 Modify kadm5 initializers to accept krb5 contexts
156 6563 Implement s4u extensions
157 6564 s4u extensions integration broke test suite...
158 6565 HP-UX IA64 wrong endian
159 6572 Implement GSS naming extensions and authdata verification
160 6576 Implement new APIs to allow improved crypto performance
161 6577 Account lockout for repeated login failures
162 6578 Heimdal DB bridge plugin for KDC back end
163 6580 Constrained delegation without PAC support
164 6582 Memory leak in _kadm5_init_any introduced with ipropd
165 6583 Unbundle applications into separate repository
166 6586 libkrb5 support for non-blocking AS requests
167 6590 allow testing even if name->addr->name mapping doesn't work
168 6591 fix slow behavior on Mac OS X with link-local addresses
169 6593 Remove dependency on /bin/csh in test suite
170 6595 FAST (preauth framework) negotiation
171 6597 Add GSS extensions to store credentials, generate random bits
172 6605 PKINIT client should validate SAN for TGS, not service principal
173 6606 allow testing when offline
174 6607 anonymous PKINIT
175 6616 Fix spelling and hyphen errors in man pages
176 6618 Support optional creation of PID files for krb5kdc and kadmind
177 6620 kdc_supported_enctypes does nothing; eradicate mentions thereof
178 6621 disable weak crypto by default
180 Copyright and Other Legal Notices
181 ---------------------------------
183 Copyright (C) 1985-2010 by the Massachusetts Institute of Technology.
187 Export of this software from the United States of America may require
188 a specific license from the United States Government. It is the
189 responsibility of any person or organization contemplating export to
190 obtain such a license before exporting.
192 WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
193 distribute this software and its documentation for any purpose and
194 without fee is hereby granted, provided that the above copyright
195 notice appear in all copies and that both that copyright notice and
196 this permission notice appear in supporting documentation, and that
197 the name of M.I.T. not be used in advertising or publicity pertaining
198 to distribution of the software without specific, written prior
199 permission. Furthermore if you modify this software you must label
200 your software as modified software and not distribute it in such a
201 fashion that it might be confused with the original MIT software.
202 M.I.T. makes no representations about the suitability of this software
203 for any purpose. It is provided "as is" without express or implied
206 THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
207 IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
208 WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
210 Individual source code files are copyright MIT, Cygnus Support,
211 Novell, OpenVision Technologies, Oracle, Red Hat, Sun Microsystems,
212 FundsXpress, and others.
214 Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
215 and Zephyr are trademarks of the Massachusetts Institute of Technology
216 (MIT). No commercial use of these trademarks may be made without
217 prior written permission of MIT.
219 "Commercial use" means use of a name in a product or other for-profit
220 manner. It does NOT prevent a commercial firm from referring to the
221 MIT trademarks in order to convey information (although in doing so,
222 recognition of their trademark status should be given).
226 Portions of src/lib/crypto have the following copyright:
228 Copyright (C) 1998 by the FundsXpress, INC.
232 Export of this software from the United States of America may require
233 a specific license from the United States Government. It is the
234 responsibility of any person or organization contemplating export to
235 obtain such a license before exporting.
237 WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
238 distribute this software and its documentation for any purpose and
239 without fee is hereby granted, provided that the above copyright
240 notice appear in all copies and that both that copyright notice and
241 this permission notice appear in supporting documentation, and that
242 the name of FundsXpress. not be used in advertising or publicity pertaining
243 to distribution of the software without specific, written prior
244 permission. FundsXpress makes no representations about the suitability of
245 this software for any purpose. It is provided "as is" without express
248 THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
249 IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
250 WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
255 The following copyright and permission notice applies to the
256 OpenVision Kerberos Administration system located in kadmin/create,
257 kadmin/dbutil, kadmin/passwd, kadmin/server, lib/kadm5, and portions
260 Copyright, OpenVision Technologies, Inc., 1996, All Rights Reserved
262 WARNING: Retrieving the OpenVision Kerberos Administration system
263 source code, as described below, indicates your acceptance of the
264 following terms. If you do not agree to the following terms, do not
265 retrieve the OpenVision Kerberos administration system.
267 You may freely use and distribute the Source Code and Object Code
268 compiled from it, with or without modification, but this Source
269 Code is provided to you "AS IS" EXCLUSIVE OF ANY WARRANTY,
270 INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY OR
271 FITNESS FOR A PARTICULAR PURPOSE, OR ANY OTHER WARRANTY, WHETHER
272 EXPRESS OR IMPLIED. IN NO EVENT WILL OPENVISION HAVE ANY LIABILITY
273 FOR ANY LOST PROFITS, LOSS OF DATA OR COSTS OF PROCUREMENT OF
274 SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR
275 CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, INCLUDING,
276 WITHOUT LIMITATION, THOSE RESULTING FROM THE USE OF THE SOURCE
277 CODE, OR THE FAILURE OF THE SOURCE CODE TO PERFORM, OR FOR ANY
280 OpenVision retains all copyrights in the donated Source Code. OpenVision
281 also retains copyright to derivative works of the Source Code, whether
282 created by OpenVision or by a third party. The OpenVision copyright
283 notice must be preserved if derivative works are made based on the
286 OpenVision Technologies, Inc. has donated this Kerberos
287 Administration system to MIT for inclusion in the standard
288 Kerberos 5 distribution. This donation underscores our
289 commitment to continuing Kerberos technology development
290 and our gratitude for the valuable work which has been
291 performed by MIT and the Kerberos community.
295 Portions contributed by Matt Crawford <crawdad@fnal.gov> were
296 work performed at Fermi National Accelerator Laboratory, which is
297 operated by Universities Research Association, Inc., under
298 contract DE-AC02-76CHO3000 with the U.S. Department of Energy.
302 The implementation of the Yarrow pseudo-random number generator in
303 src/lib/crypto/yarrow has the following copyright:
305 Copyright 2000 by Zero-Knowledge Systems, Inc.
307 Permission to use, copy, modify, distribute, and sell this software
308 and its documentation for any purpose is hereby granted without fee,
309 provided that the above copyright notice appear in all copies and that
310 both that copyright notice and this permission notice appear in
311 supporting documentation, and that the name of Zero-Knowledge Systems,
312 Inc. not be used in advertising or publicity pertaining to
313 distribution of the software without specific, written prior
314 permission. Zero-Knowledge Systems, Inc. makes no representations
315 about the suitability of this software for any purpose. It is
316 provided "as is" without express or implied warranty.
318 ZERO-KNOWLEDGE SYSTEMS, INC. DISCLAIMS ALL WARRANTIES WITH REGARD TO
319 THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
320 FITNESS, IN NO EVENT SHALL ZERO-KNOWLEDGE SYSTEMS, INC. BE LIABLE FOR
321 ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
322 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
323 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTUOUS ACTION, ARISING OUT
324 OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
328 The implementation of the AES encryption algorithm in
329 src/lib/crypto/aes has the following copyright:
331 Copyright (c) 2001, Dr Brian Gladman <brg@gladman.uk.net>, Worcester, UK.
336 The free distribution and use of this software in both source and binary
337 form is allowed (with or without changes) provided that:
339 1. distributions of this source code include the above copyright
340 notice, this list of conditions and the following disclaimer;
342 2. distributions in binary form include the above copyright
343 notice, this list of conditions and the following disclaimer
344 in the documentation and/or other associated materials;
346 3. the copyright holder's name is not used to endorse products
347 built using this software without specific written permission.
351 This software is provided 'as is' with no explcit or implied warranties
352 in respect of any properties, including, but not limited to, correctness
353 and fitness for purpose.
357 Portions contributed by Red Hat, including the pre-authentication
358 plug-ins framework, contain the following copyright:
360 Copyright (c) 2006 Red Hat, Inc.
361 Portions copyright (c) 2006 Massachusetts Institute of Technology
364 Redistribution and use in source and binary forms, with or without
365 modification, are permitted provided that the following conditions
368 * Redistributions of source code must retain the above copyright
369 notice, this list of conditions and the following disclaimer.
371 * Redistributions in binary form must reproduce the above
372 copyright notice, this list of conditions and the following
373 disclaimer in the documentation and/or other materials provided
374 with the distribution.
376 * Neither the name of Red Hat, Inc., nor the names of its
377 contributors may be used to endorse or promote products derived
378 from this software without specific prior written permission.
380 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
381 IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
382 TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
383 PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
384 OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
385 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
386 PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
387 PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
388 LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
389 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
390 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
394 The implementations of GSSAPI mechglue in GSSAPI-SPNEGO in
395 src/lib/gssapi, including the following files:
397 lib/gssapi/generic/gssapi_err_generic.et
398 lib/gssapi/mechglue/g_accept_sec_context.c
399 lib/gssapi/mechglue/g_acquire_cred.c
400 lib/gssapi/mechglue/g_canon_name.c
401 lib/gssapi/mechglue/g_compare_name.c
402 lib/gssapi/mechglue/g_context_time.c
403 lib/gssapi/mechglue/g_delete_sec_context.c
404 lib/gssapi/mechglue/g_dsp_name.c
405 lib/gssapi/mechglue/g_dsp_status.c
406 lib/gssapi/mechglue/g_dup_name.c
407 lib/gssapi/mechglue/g_exp_sec_context.c
408 lib/gssapi/mechglue/g_export_name.c
409 lib/gssapi/mechglue/g_glue.c
410 lib/gssapi/mechglue/g_imp_name.c
411 lib/gssapi/mechglue/g_imp_sec_context.c
412 lib/gssapi/mechglue/g_init_sec_context.c
413 lib/gssapi/mechglue/g_initialize.c
414 lib/gssapi/mechglue/g_inquire_context.c
415 lib/gssapi/mechglue/g_inquire_cred.c
416 lib/gssapi/mechglue/g_inquire_names.c
417 lib/gssapi/mechglue/g_process_context.c
418 lib/gssapi/mechglue/g_rel_buffer.c
419 lib/gssapi/mechglue/g_rel_cred.c
420 lib/gssapi/mechglue/g_rel_name.c
421 lib/gssapi/mechglue/g_rel_oid_set.c
422 lib/gssapi/mechglue/g_seal.c
423 lib/gssapi/mechglue/g_sign.c
424 lib/gssapi/mechglue/g_store_cred.c
425 lib/gssapi/mechglue/g_unseal.c
426 lib/gssapi/mechglue/g_userok.c
427 lib/gssapi/mechglue/g_utils.c
428 lib/gssapi/mechglue/g_verify.c
429 lib/gssapi/mechglue/gssd_pname_to_uid.c
430 lib/gssapi/mechglue/mglueP.h
431 lib/gssapi/mechglue/oid_ops.c
432 lib/gssapi/spnego/gssapiP_spnego.h
433 lib/gssapi/spnego/spnego_mech.c
435 and the initial implementation of incremental propagation, including
436 the following new or changed files:
439 kadmin/server/ipropd_svc.c
441 lib/kdb/kdb_convert.c
444 lib/krb5/error_tables/kdb5_err.et
448 and marked portions of the following files:
450 lib/krb5/os/hst_realm.c
452 are subject to the following license:
454 Copyright (c) 2004 Sun Microsystems, Inc.
456 Permission is hereby granted, free of charge, to any person obtaining a
457 copy of this software and associated documentation files (the
458 "Software"), to deal in the Software without restriction, including
459 without limitation the rights to use, copy, modify, merge, publish,
460 distribute, sublicense, and/or sell copies of the Software, and to
461 permit persons to whom the Software is furnished to do so, subject to
462 the following conditions:
464 The above copyright notice and this permission notice shall be included
465 in all copies or substantial portions of the Software.
467 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
468 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
469 MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
470 IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
471 CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
472 TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
473 SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
477 MIT Kerberos includes documentation and software developed at the
478 University of California at Berkeley, which includes this copyright
481 Copyright (C) 1983 Regents of the University of California.
484 Redistribution and use in source and binary forms, with or without
485 modification, are permitted provided that the following conditions
488 1. Redistributions of source code must retain the above copyright
489 notice, this list of conditions and the following disclaimer.
491 2. Redistributions in binary form must reproduce the above
492 copyright notice, this list of conditions and the following
493 disclaimer in the documentation and/or other materials provided
494 with the distribution.
496 3. Neither the name of the University nor the names of its
497 contributors may be used to endorse or promote products derived
498 from this software without specific prior written permission.
500 THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS "AS IS" AND
501 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
502 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
503 ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
504 FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
505 DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
506 OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
507 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
508 LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
509 OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
514 Portions contributed by Novell, Inc., including the LDAP database
515 backend, are subject to the following license:
517 Copyright (c) 2004-2005, Novell, Inc.
520 Redistribution and use in source and binary forms, with or without
521 modification, are permitted provided that the following conditions are met:
523 * Redistributions of source code must retain the above copyright notice,
524 this list of conditions and the following disclaimer.
525 * Redistributions in binary form must reproduce the above copyright
526 notice, this list of conditions and the following disclaimer in the
527 documentation and/or other materials provided with the distribution.
528 * The copyright holder's name is not used to endorse or promote products
529 derived from this software without specific prior written permission.
531 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
532 AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
533 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
534 ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
535 LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
536 CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
537 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
538 INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
539 CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
540 ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
541 POSSIBILITY OF SUCH DAMAGE.
545 Portions funded by Sandia National Laboratory and developed by the
546 University of Michigan's Center for Information Technology
547 Integration, including the PKINIT implementation, are subject to the
550 COPYRIGHT (C) 2006-2007
551 THE REGENTS OF THE UNIVERSITY OF MICHIGAN
554 Permission is granted to use, copy, create derivative works
555 and redistribute this software and such derivative works
556 for any purpose, so long as the name of The University of
557 Michigan is not used in any advertising or publicity
558 pertaining to the use of distribution of this software
559 without specific, written prior authorization. If the
560 above copyright notice or any other identification of the
561 University of Michigan is included in any copy of any
562 portion of this software, then the disclaimer below must
565 THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
566 FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
567 PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
568 MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
569 WITHOUT LIMITATION THE IMPLIED WARRANTIES OF
570 MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
571 REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE
572 FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR
573 CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING
574 OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN
575 IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF
580 The pkcs11.h file included in the PKINIT code has the following
583 Copyright 2006 g10 Code GmbH
584 Copyright 2006 Andreas Jellinghaus
586 This file is free software; as a special exception the author gives
587 unlimited permission to copy and/or distribute it, with or without
588 modifications, as long as this notice is preserved.
590 This file is distributed in the hope that it will be useful, but
591 WITHOUT ANY WARRANTY, to the extent permitted by law; without even
592 the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
597 Portions contributed by Apple Inc. are subject to the following license:
599 Copyright 2004-2008 Apple Inc. All Rights Reserved.
601 Export of this software from the United States of America may require
602 a specific license from the United States Government. It is the
603 responsibility of any person or organization contemplating export to
604 obtain such a license before exporting.
606 WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
607 distribute this software and its documentation for any purpose and
608 without fee is hereby granted, provided that the above copyright
609 notice appear in all copies and that both that copyright notice and
610 this permission notice appear in supporting documentation, and that
611 the name of Apple Inc. not be used in advertising or publicity pertaining
612 to distribution of the software without specific, written prior
613 permission. Apple Inc. makes no representations about the suitability of
614 this software for any purpose. It is provided "as is" without express
617 THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
618 IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
619 WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
623 The implementations of strlcpy and strlcat in
624 src/util/support/strlcat.c have the following copyright and permission
627 Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
629 Permission to use, copy, modify, and distribute this software for any
630 purpose with or without fee is hereby granted, provided that the above
631 copyright notice and this permission notice appear in all copies.
633 THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
634 WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
635 MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
636 ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
637 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
638 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
639 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
643 The implementations of UTF-8 string handling in src/util/support and
644 src/lib/krb5/unicode are subject to the following copyright and
647 The OpenLDAP Public License
648 Version 2.8, 17 August 2003
650 Redistribution and use of this software and associated documentation
651 ("Software"), with or without modification, are permitted provided
652 that the following conditions are met:
654 1. Redistributions in source form must retain copyright statements
657 2. Redistributions in binary form must reproduce applicable copyright
658 statements and notices, this list of conditions, and the following
659 disclaimer in the documentation and/or other materials provided
660 with the distribution, and
662 3. Redistributions must contain a verbatim copy of this document.
664 The OpenLDAP Foundation may revise this license from time to time.
665 Each revision is distinguished by a version number. You may use
666 this Software under terms of this license revision or under the
667 terms of any subsequent revision of the license.
669 THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS
670 CONTRIBUTORS ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
671 INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
672 AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
673 SHALL THE OPENLDAP FOUNDATION, ITS CONTRIBUTORS, OR THE AUTHOR(S)
674 OR OWNER(S) OF THE SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT,
675 INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
676 BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
677 LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
678 CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
679 LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
680 ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
681 POSSIBILITY OF SUCH DAMAGE.
683 The names of the authors and copyright holders must not be used in
684 advertising or otherwise to promote the sale, use or other dealing
685 in this Software without specific, written prior permission. Title
686 to copyright in this Software shall at all times remain with copyright
689 OpenLDAP is a registered trademark of the OpenLDAP Foundation.
691 Copyright 1999-2003 The OpenLDAP Foundation, Redwood City,
692 California, USA. All Rights Reserved. Permission to copy and
693 distribute verbatim copies of this document is granted.
697 Marked test programs in src/lib/krb5/krb have the following copyright:
699 Copyright (c) 2006 Kungliga Tekniska Högskolan
700 (Royal Institute of Technology, Stockholm, Sweden).
703 Redistribution and use in source and binary forms, with or without
704 modification, are permitted provided that the following conditions
707 1. Redistributions of source code must retain the above copyright
708 notice, this list of conditions and the following disclaimer.
710 2. Redistributions in binary form must reproduce the above copyright
711 notice, this list of conditions and the following disclaimer in the
712 documentation and/or other materials provided with the distribution.
714 3. Neither the name of KTH nor the names of its contributors may be
715 used to endorse or promote products derived from this software without
716 specific prior written permission.
718 THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
719 EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
720 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
721 PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
722 LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
723 CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
724 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
725 BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
726 WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
727 OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
728 ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
730 Acknowledgements for krb5-1.8
731 -----------------------------
733 Thanks to the members of the Kerberos V5 development team at MIT, both
734 past and present: Danilo Almeida, Jeffrey Altman, Justin Anderson,
735 Richard Basch, Jay Berkenbilt, Mitch Berger, Andrew Boardman, Joe
736 Calzaretta, John Carr, Don Davis, Alexandra Ellwood, Nancy Gilman,
737 Matt Hancher, Sam Hartman, Paul Hill, Marc Horowitz, Eva Jacobus,
738 Miroslav Jurisic, Barry Jaspan, Geoffrey King, Kevin Koch, John Kohl,
739 Peter Litwack, Scott McGuire, Kevin Mitchell, Cliff Neuman, Paul Park,
740 Ezra Peisach, Chris Provenzano, Ken Raeburn, Jon Rochlis, Jeff
741 Schiller, Jen Selby, Robert Silk, Brad Thompson, Harry Tsai, Zhanna
742 Tsitkova, Ted Ts'o, Marshall Vale, Tom Yu.