 e3ffa6232e
			
		
	
	e3ffa6232e
	
	
	
		
			
			git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12193 ec53bebd-3082-4978-b11e-865c3cabbd6b
		
			
				
	
	
		
			597 lines
		
	
	
		
			14 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
			
		
		
	
	
			597 lines
		
	
	
		
			14 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
| Changes in release 0.6
 | |
| 
 | |
| * The DES3 GSS-API mechanism has been changed to inter-operate with
 | |
|   other GSSAPI implementations. See man page for gssapi(3) how to turn
 | |
|   on generation of correct MIC messages. Next major release of heimdal 
 | |
|   will generate correct MIC by default.
 | |
| 
 | |
| * More complete GSS-API support
 | |
| 
 | |
| * Better AFS support: kdc (524) supports 2b; 524 in kdc and AFS
 | |
|   support in applications no longer requires Kerberos 4 libs
 | |
| 
 | |
| * Kerberos 4 support in kdc defaults to turned off (includes ka and 524)
 | |
| 
 | |
| * other bug fixes
 | |
| 
 | |
| Changes in release 0.5.2
 | |
| 
 | |
|  * kdc: add option for disabling v4 cross-realm (defaults to off)
 | |
| 
 | |
|  * bug fixes
 | |
| 
 | |
| Changes in release 0.5.1
 | |
| 
 | |
|  * kadmind: fix remote exploit
 | |
| 
 | |
|  * kadmind: add option to disable kerberos 4
 | |
| 
 | |
|  * kdc: make sure kaserver token life is positive
 | |
| 
 | |
|  * telnet: use the session key if there is no subkey
 | |
| 
 | |
|  * fix EPSV parsing in ftp
 | |
| 
 | |
|  * other bug fixes
 | |
| 
 | |
| Changes in release 0.5
 | |
| 
 | |
|  * add --detach option to kdc
 | |
| 
 | |
|  * allow setting forward and forwardable option in telnet from
 | |
|    .telnetrc, with override from command line
 | |
| 
 | |
|  * accept addresses with or without ports in krb5_rd_cred
 | |
| 
 | |
|  * make it work with modern openssl
 | |
| 
 | |
|  * use our own string2key function even with openssl (that handles weak
 | |
|    keys incorrectly)
 | |
| 
 | |
|  * more system-specific requirements in login
 | |
| 
 | |
|  * do not use getlogin() to determine root in su
 | |
| 
 | |
|  * telnet: abort if telnetd does not support encryption
 | |
| 
 | |
|  * update autoconf to 2.53
 | |
| 
 | |
|  * update config.guess, config.sub
 | |
| 
 | |
|  * other bug fixes
 | |
| 
 | |
| Changes in release 0.4e
 | |
| 
 | |
|  * improve libcrypto and database autoconf tests
 | |
| 
 | |
|  * do not care about salting of server principals when serving v4 requests
 | |
| 
 | |
|  * some improvements to gssapi library
 | |
| 
 | |
|  * test for existing compile_et/libcom_err
 | |
| 
 | |
|  * portability fixes
 | |
| 
 | |
|  * bug fixes
 | |
| 
 | |
| Changes in release 0.4d
 | |
| 
 | |
|  * fix some problems when using libcrypto from openssl
 | |
| 
 | |
|  * handle /dev/ptmx `unix98' ptys on Linux
 | |
| 
 | |
|  * add some forgotten man pages
 | |
| 
 | |
|  * rsh: clean-up and add man page
 | |
| 
 | |
|  * fix -A and -a in builtin-ls in tpd
 | |
| 
 | |
|  * fix building problem on Irix
 | |
| 
 | |
|  * make `ktutil get' more efficient
 | |
| 
 | |
|  * bug fixes
 | |
| 
 | |
| Changes in release 0.4c
 | |
| 
 | |
|  * fix buffer overrun in telnetd
 | |
| 
 | |
|  * repair some of the v4 fallback code in kinit
 | |
| 
 | |
|  * add more shared library dependencies
 | |
| 
 | |
|  * simplify and fix hprop handling of v4 databases
 | |
| 
 | |
|  * fix some building problems (osf's sia and osfc2 login)
 | |
| 
 | |
|  * bug fixes
 | |
| 
 | |
| Changes in release 0.4b
 | |
| 
 | |
|  * update the shared library version numbers correctly
 | |
| 
 | |
| Changes in release 0.4a
 | |
| 
 | |
|  * corrected key used for checksum in mk_safe, unfortunately this
 | |
|    makes it backwards incompatible
 | |
| 
 | |
|  * update to autoconf 2.50, libtool 1.4
 | |
| 
 | |
|  * re-write dns/config lookups (krb5_krbhst API)
 | |
| 
 | |
|  * make order of using subkeys consistent
 | |
| 
 | |
|  * add man page links
 | |
| 
 | |
|  * add more man pages
 | |
| 
 | |
|  * remove rfc2052 support, now only rfc2782 is supported
 | |
| 
 | |
|  * always build with kaserver protocol support in the KDC (assuming
 | |
|    KRB4 is enabled) and support for reading kaserver databases in
 | |
|    hprop
 | |
| 
 | |
| Changes in release 0.3f
 | |
| 
 | |
|  * change default keytab to ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab,
 | |
|    the new keytab type that tries both of these in order (SRVTAB is
 | |
|    also an alias for krb4:)
 | |
| 
 | |
|  * improve error reporting and error handling (error messages should
 | |
|    be more detailed and more useful)
 | |
| 
 | |
|  * improve building with openssl
 | |
| 
 | |
|  * add kadmin -K, rcp -F 
 | |
| 
 | |
|  * fix two incorrect weak DES keys
 | |
| 
 | |
|  * fix building of kaserver compat in KDC
 | |
| 
 | |
|  * the API is closer to what MIT krb5 is using
 | |
| 
 | |
|  * more compatible with windows 2000
 | |
| 
 | |
|  * removed some memory leaks
 | |
| 
 | |
|  * bug fixes
 | |
| 
 | |
| Changes in release 0.3e
 | |
| 
 | |
|  * rcp program included
 | |
| 
 | |
|  * fix buffer overrun in ftpd
 | |
| 
 | |
|  * handle omitted sequence numbers as zeroes to handle MIT krb5 that
 | |
|    cannot generate zero sequence numbers
 | |
| 
 | |
|  * handle v4 /.k files better
 | |
| 
 | |
|  * configure/portability fixes
 | |
| 
 | |
|  * fixes in parsing of options to kadmin (sub-)commands
 | |
| 
 | |
|  * handle errors in kadmin load better
 | |
| 
 | |
|  * bug fixes
 | |
| 
 | |
| Changes in release 0.3d
 | |
| 
 | |
|  * add krb5-config
 | |
| 
 | |
|  * fix a bug in 3des gss-api mechanism, making it compatible with the
 | |
|    specification and the MIT implementation
 | |
| 
 | |
|  * make telnetd only allow a specific list of environment variables to
 | |
|    stop it from setting `sensitive' variables
 | |
| 
 | |
|  * try to use an existing libdes
 | |
| 
 | |
|  * lib/krb5, kdc: use correct usage type for ap-req messages.  This
 | |
|    should improve compatability with MIT krb5 when using 3DES
 | |
|    encryption types
 | |
| 
 | |
|  * kdc: fix memory allocation problem
 | |
| 
 | |
|  * update config.guess and config.sub
 | |
| 
 | |
|  * lib/roken: more stuff implemented
 | |
| 
 | |
|  * bug fixes and portability enhancements
 | |
| 
 | |
| Changes in release 0.3c
 | |
| 
 | |
|  * lib/krb5: memory caches now support the resolve operation
 | |
| 
 | |
|  * appl/login: set PATH to some sane default
 | |
| 
 | |
|  * kadmind: handle several realms
 | |
| 
 | |
|  * bug fixes (including memory leaks)
 | |
| 
 | |
| Changes in release 0.3b
 | |
| 
 | |
|  * kdc: prefer default-salted keys on v5 requests
 | |
| 
 | |
|  * kdc: lowercase hostnames in v4 mode
 | |
| 
 | |
|  * hprop: handle more types of MIT salts
 | |
| 
 | |
|  * lib/krb5: fix memory leak
 | |
| 
 | |
|  * bug fixes
 | |
| 
 | |
| Changes in release 0.3a:
 | |
| 
 | |
|  * implement arcfour-hmac-md5 to interoperate with W2K
 | |
| 
 | |
|  * modularise the handling of the master key, and allow for other
 | |
|    encryption types. This makes it easier to import a database from
 | |
|    some other source without having to re-encrypt all keys.
 | |
| 
 | |
|  * allow for better control over which encryption types are created
 | |
| 
 | |
|  * make kinit fallback to v4 if given a v4 KDC
 | |
| 
 | |
|  * make klist work better with v4 and v5, and add some more MIT
 | |
|    compatibility options
 | |
| 
 | |
|  * make the kdc listen on the krb524 (4444) port for compatibility
 | |
|    with MIT krb5 clients
 | |
| 
 | |
|  * implement more DCE/DFS support, enabled with --enable-dce, see
 | |
|    lib/kdfs and appl/dceutils
 | |
| 
 | |
|  * make the sequence numbers work correctly
 | |
| 
 | |
|  * bug fixes
 | |
| 
 | |
| Changes in release 0.2t:
 | |
| 
 | |
|  * bug fixes
 | |
| 
 | |
| Changes in release 0.2s:
 | |
| 
 | |
|  * add OpenLDAP support in hdb
 | |
| 
 | |
|  * login will get v4 tickets when it receives forwarded tickets
 | |
| 
 | |
|  * xnlock supports both v5 and v4
 | |
| 
 | |
|  * repair source routing for telnet
 | |
| 
 | |
|  * fix building problems with krb4 (krb_mk_req)
 | |
| 
 | |
|  * bug fixes
 | |
| 
 | |
| Changes in release 0.2r:
 | |
| 
 | |
|  * fix realloc memory corruption bug in kdc
 | |
| 
 | |
|  * `add --key' and `cpw --key' in kadmin
 | |
| 
 | |
|  * klist supports listing v4 tickets
 | |
| 
 | |
|  * update config.guess and config.sub
 | |
| 
 | |
|  * make v4 -> v5 principal name conversion more robust
 | |
| 
 | |
|  * support for anonymous tickets
 | |
| 
 | |
|  * new man-pages
 | |
| 
 | |
|  * telnetd: do not negotiate KERBEROS5 authentication if there's no keytab.
 | |
| 
 | |
|  * use and set expiration and not password expiration when dumping
 | |
|    to/from ka server databases / krb4 databases
 | |
| 
 | |
|  * make the code happier with 64-bit time_t
 | |
| 
 | |
|  * follow RFC2782 and by default do not look for non-underscore SRV names
 | |
| 
 | |
| Changes in release 0.2q:
 | |
| 
 | |
|  * bug fix in tcp-handling in kdc
 | |
| 
 | |
|  * bug fix in expand_hostname
 | |
| 
 | |
| Changes in release 0.2p:
 | |
| 
 | |
|  * bug fix in `kadmin load/merge'
 | |
| 
 | |
|  * bug fix in krb5_parse_address
 | |
| 
 | |
| Changes in release 0.2o:
 | |
| 
 | |
|  * gss_{import,export}_sec_context added to libgssapi
 | |
| 
 | |
|  * new option --addresses to kdc (for listening on an explicit set of
 | |
|    addresses)
 | |
| 
 | |
|  * bug fixes in the krb4 and kaserver emulation part of the kdc
 | |
| 
 | |
|  * other bug fixes
 | |
| 
 | |
| Changes in release 0.2n:
 | |
| 
 | |
|  * more robust parsing of dump files in kadmin
 | |
|  * changed default timestamp format for log messages to extended ISO
 | |
|    8601 format (Y-M-DTH:M:S)
 | |
|  * changed md4/md5/sha1 APIes to be de-facto `standard'
 | |
|  * always make hostname into lower-case before creating principal
 | |
|  * small bits of more MIT-compatability
 | |
|  * bug fixes
 | |
| 
 | |
| Changes in release 0.2m:
 | |
| 
 | |
|  * handle glibc's getaddrinfo() that returns several ai_canonname
 | |
| 
 | |
|  * new endian test
 | |
| 
 | |
|  * man pages fixes
 | |
| 
 | |
| Changes in release 0.2l:
 | |
| 
 | |
|  * bug fixes
 | |
| 
 | |
| Changes in release 0.2k:
 | |
| 
 | |
|  * better IPv6 test
 | |
| 
 | |
|  * make struct sockaddr_storage in roken work better on alphas
 | |
| 
 | |
|  * some missing [hn]to[hn]s fixed.
 | |
| 
 | |
|  * allow users to change their own passwords with kadmin (with initial
 | |
|    tickets)
 | |
| 
 | |
|  * fix stupid bug in parsing KDC specification
 | |
| 
 | |
|  * add `ktutil change' and `ktutil purge'
 | |
| 
 | |
| Changes in release 0.2j:
 | |
| 
 | |
|  * builds on Irix
 | |
| 
 | |
|  * ftpd works in passive mode
 | |
| 
 | |
|  * should build on cygwin
 | |
| 
 | |
|  * work around broken IPv6-code on OpenBSD 2.6, also add configure
 | |
|    option --disable-ipv6
 | |
| 
 | |
| Changes in release 0.2i:
 | |
| 
 | |
|  * use getaddrinfo in the missing places.
 | |
| 
 | |
|  * fix SRV lookup for admin server
 | |
| 
 | |
|  * use get{addr,name}info everywhere.  and implement it in terms of
 | |
|    getipnodeby{name,addr} (which uses gethostbyname{,2} and
 | |
|    gethostbyaddr)
 | |
| 
 | |
| Changes in release 0.2h:
 | |
| 
 | |
|  * fix typo in kx (now compiles)
 | |
| 
 | |
| Changes in release 0.2g:
 | |
| 
 | |
|  * lots of bug fixes:
 | |
|    * push works
 | |
|    * repair appl/test programs
 | |
|    * sockaddr_storage works on solaris (alignment issues)
 | |
|    * works better with non-roken getaddrinfo
 | |
|    * rsh works
 | |
|    * some non standard C constructs removed
 | |
| 
 | |
| Changes in release 0.2f:
 | |
| 
 | |
|  * support SRV records for kpasswd
 | |
|  * look for both _kerberos and krb5-realm when doing host -> realm mapping
 | |
| 
 | |
| Changes in release 0.2e:
 | |
| 
 | |
|  * changed copyright notices to remove `advertising'-clause.
 | |
|  * get{addr,name}info added to roken and used in the other code
 | |
|    (this makes things work much better with hosts with both v4 and v6
 | |
|     addresses, among other things)
 | |
|  * do pre-auth for both password and key-based get_in_tkt
 | |
|  * support for having several databases
 | |
|  * new command `del_enctype' in kadmin
 | |
|  * strptime (and new strftime) add to roken
 | |
|  * more paranoia about finding libdb
 | |
|  * bug fixes
 | |
| 
 | |
| Changes in release 0.2d:
 | |
| 
 | |
|  * new configuration option [libdefaults]default_etypes_des
 | |
|  * internal ls in ftpd builds without KRB4
 | |
|  * kx/rsh/push/pop_debug tries v5 and v4 consistenly
 | |
|  * build bug fixes
 | |
|  * other bug fixes
 | |
| 
 | |
| Changes in release 0.2c:
 | |
| 
 | |
|  * bug fixes (see ChangeLog's for details)
 | |
| 
 | |
| Changes in release 0.2b:
 | |
| 
 | |
|  * bug fixes
 | |
|  * actually bump shared library versions
 | |
| 
 | |
| Changes in release 0.2a:
 | |
| 
 | |
|  * a new program verify_krb5_conf for checking your /etc/krb5.conf
 | |
|  * add 3DES keys when changing password
 | |
|  * support null keys in database
 | |
|  * support multiple local realms
 | |
|  * implement a keytab backend for AFS KeyFile's
 | |
|  * implement a keytab backend for v4 srvtabs
 | |
|  * implement `ktutil copy'
 | |
|  * support password quality control in v4 kadmind
 | |
|  * improvements in v4 compat kadmind
 | |
|  * handle the case of having the correct cred in the ccache but with
 | |
|    the wrong encryption type better
 | |
|  * v6-ify the remaining programs.
 | |
|  * internal ls in ftpd
 | |
|  * rename strcpy_truncate/strcat_truncate to strlcpy/strlcat
 | |
|  * add `ank --random-password' and `cpw --random-password' in kadmin
 | |
|  * some programs and documentation for trying to talk to a W2K KDC
 | |
|  * bug fixes
 | |
| 
 | |
| Changes in release 0.1m:
 | |
| 
 | |
|  * support for getting default from krb5.conf for kinit/kf/rsh/telnet.
 | |
|    From Miroslav Ruda <ruda@ics.muni.cz>
 | |
|  * v6-ify hprop and hpropd
 | |
|  * support numeric addresses in krb5_mk_req
 | |
|  * shadow support in login and su. From Miroslav Ruda <ruda@ics.muni.cz>
 | |
|  * make rsh/rshd IPv6-aware
 | |
|  * make the gssapi sample applications better at reporting errors
 | |
|  * lots of bug fixes
 | |
|  * handle systems with v6-aware libc and non-v6 kernels (like Linux
 | |
|    with glibc 2.1) better
 | |
|  * hide failure of ERPT in ftp
 | |
|  * lots of bug fixes
 | |
| 
 | |
| Changes in release 0.1l:
 | |
| 
 | |
|  * make ftp and ftpd IPv6-aware
 | |
|  * add inet_pton to roken
 | |
|  * more IPv6-awareness
 | |
|  * make mini_inetd v6 aware
 | |
| 
 | |
| Changes in release 0.1k:
 | |
| 
 | |
|  * bump shared libraries versions
 | |
|  * add roken version of inet_ntop
 | |
|  * merge more changes to rshd
 | |
| 
 | |
| Changes in release 0.1j:
 | |
| 
 | |
|  * restore back to the `old' 3DES code.  This was supposed to be done
 | |
|    in 0.1h and 0.1i but I did a CVS screw-up.
 | |
|  * make telnetd handle v6 connections
 | |
| 
 | |
| Changes in release 0.1i:
 | |
| 
 | |
|  * start using `struct sockaddr_storage' which simplifies the code
 | |
|    (with a fallback definition if it's not defined)
 | |
|  * bug fixes (including in hprop and kf)
 | |
|  * don't use mawk which seems to mishandle roken.awk
 | |
|  * get_addrs should be able to handle v6 addresses on Linux (with the
 | |
|    required patch to the Linux kernel -- ask within)
 | |
|  * rshd builds with shadow passwords
 | |
| 
 | |
| Changes in release 0.1h:
 | |
| 
 | |
|  * kf: new program for forwarding credentials
 | |
|  * portability fixes
 | |
|  * make forwarding credentials work with MIT code
 | |
|  * better conversion of ka database
 | |
|  * add etc/services.append
 | |
|  * correct `modified by' from kpasswdd
 | |
|  * lots of bug fixes
 | |
| 
 | |
| Changes in release 0.1g:
 | |
| 
 | |
|  * kgetcred: new program for explicitly obtaining tickets
 | |
|  * configure fixes
 | |
|  * krb5-aware kx
 | |
|  * bug fixes
 | |
| 
 | |
| Changes in release 0.1f;
 | |
| 
 | |
|  * experimental support for v4 kadmin protokoll in kadmind
 | |
|  * bug fixes
 | |
| 
 | |
| Changes in release 0.1e:
 | |
| 
 | |
|  * try to handle old DCE and MIT kdcs
 | |
|  * support for older versions of credential cache files and keytabs
 | |
|  * postdated tickets work
 | |
|  * support for password quality checks in kpasswdd
 | |
|  * new flag --enable-kaserver for kdc
 | |
|  * renew fixes
 | |
|  * prototype su program
 | |
|  * updated (some) manpages
 | |
|  * support for KDC resource records
 | |
|  * should build with --without-krb4
 | |
|  * bug fixes
 | |
| 
 | |
| Changes in release 0.1d:
 | |
| 
 | |
|  * Support building with DB2 (uses 1.85-compat API)
 | |
|  * Support krb5-realm.DOMAIN in DNS
 | |
|  * new `ktutil srvcreate'
 | |
|  * v4/kafs support in klist/kdestroy
 | |
|  * bug fixes
 | |
| 
 | |
| Changes in release 0.1c:
 | |
| 
 | |
|  * fix ASN.1 encoding of signed integers
 | |
|  * somewhat working `ktutil get'
 | |
|  * some documentation updates
 | |
|  * update to Autoconf 2.13 and Automake 1.4
 | |
|  * the usual bug fixes
 | |
| 
 | |
| Changes in release 0.1b:
 | |
| 
 | |
|  * some old -> new crypto conversion utils
 | |
|  * bug fixes
 | |
| 
 | |
| Changes in release 0.1a:
 | |
| 
 | |
|  * new crypto code
 | |
|  * more bug fixes
 | |
|  * make sure we ask for DES keys in gssapi
 | |
|  * support signed ints in ASN1
 | |
|  * IPv6-bug fixes
 | |
| 
 | |
| Changes in release 0.0u:
 | |
| 
 | |
|  * lots of bug fixes
 | |
| 
 | |
| Changes in release 0.0t:
 | |
| 
 | |
|  * more robust parsing of krb5.conf
 | |
|  * include net{read,write} in lib/roken
 | |
|  * bug fixes
 | |
| 
 | |
| Changes in release 0.0s:
 | |
| 
 | |
|  * kludges for parsing options to rsh
 | |
|  * more robust parsing of krb5.conf
 | |
|  * removed some arbitrary limits
 | |
|  * bug fixes
 | |
| 
 | |
| Changes in release 0.0r:
 | |
| 
 | |
|  * default options for some programs
 | |
|  * bug fixes
 | |
| 
 | |
| Changes in release 0.0q:
 | |
| 
 | |
|  * support for building shared libraries with libtool
 | |
|  * bug fixes
 | |
| 
 | |
| Changes in release 0.0p:
 | |
| 
 | |
|  * keytab moved to /etc/krb5.keytab
 | |
|  * avoid false detection of IPv6 on Linux
 | |
|  * Lots of more functionality in the gssapi-library
 | |
|  * hprop can now read ka-server databases
 | |
|  * bug fixes
 | |
| 
 | |
| Changes in release 0.0o:
 | |
| 
 | |
|  * FTP with GSSAPI support.
 | |
|  * Bug fixes.
 | |
| 
 | |
| Changes in release 0.0n:
 | |
| 
 | |
|  * Incremental database propagation.
 | |
|  * Somewhat improved kadmin ui; the stuff in admin is now removed.
 | |
|  * Some support for using enctypes instead of keytypes.
 | |
|  * Lots of other improvement and bug fixes, see ChangeLog for details.
 |