1Release Notes - Heimdal - Version Heimdal 1.5.3 2 3 Bug fixes 4 - Fix leaking file descriptors in KDC 5 - Better socket/timeout handling in libkrb5 6 - General bug fixes 7 - Build fixes 8 9Release Notes - Heimdal - Version Heimdal 1.5.2 10 11 Security fixes 12 - CVE-2011-4862 Buffer overflow in libtelnet/encrypt.c in telnetd - escalation of privilege 13 - Check that key types strictly match - denial of service 14 15Release Notes - Heimdal - Version Heimdal 1.5.1 16 17 Bug fixes 18 - Fix building on Solaris, requires c99 19 - Fix building on Windows 20 - Build system updates 21 22Release Notes - Heimdal - Version Heimdal 1.5 23 24New features 25 26 - Support GSS name extensions/attributes 27 - SHA512 support 28 - No Kerberos 4 support 29 - Basic support for MIT Admin protocol (SECGSS flavor) 30 in kadmind (extract keytab) 31 - Replace editline with libedit 32 33Release Notes - Heimdal - Version Heimdal 1.4 34 35 New features 36 37 - Support for reading MIT database file directly 38 - KCM is polished up and now used in production 39 - NTLM first class citizen, credentials stored in KCM 40 - Table driven ASN.1 compiler, smaller!, not enabled by default 41 - Native Windows client support 42 43Notes 44 45 - Disabled write support NDBM hdb backend (read still in there) since 46 it can't handle large records, please migrate to a diffrent backend 47 (like BDB4) 48 49Release Notes - Heimdal - Version Heimdal 1.3.3 50 51 Bug fixes 52 - Check the GSS-API checksum exists before trying to use it [CVE-2010-1321] 53 - Check NULL pointers before dereference them [kdc] 54 55Release Notes - Heimdal - Version Heimdal 1.3.2 56 57 Bug fixes 58 59 - Don't mix length when clearing hmac (could memset too much) 60 - More paranoid underrun checking when decrypting packets 61 - Check the password change requests and refuse to answer empty packets 62 - Build on OpenSolaris 63 - Renumber AD-SIGNED-TICKET since it was stolen from US 64 - Don't cache /dev/*random file descriptor, it doesn't get unloaded 65 - Make C++ safe 66 - Misc warnings 67 68Release Notes - Heimdal - Version Heimdal 1.3.1 69 70 Bug fixes 71 72 - Store KDC offset in credentials 73 - Many many more bug fixes 74 75Release Notes - Heimdal - Version Heimdal 1.3.1 76 77 New features 78 79 - Make work with OpenLDAPs krb5 overlay 80 81Release Notes - Heimdal - Version Heimdal 1.3 82 83 New features 84 85 - Partial support for MIT kadmind rpc protocol in kadmind 86 - Better support for finding keytab entries when using SPN aliases in the KDC 87 - Support BER in ASN.1 library (needed for CMS) 88 - Support decryption in Keychain private keys 89 - Support for new sqlite based credential cache 90 - Try both KDC referals and the common DNS reverse lookup in GSS-API 91 - Fix the KCM to not leak resources on failure 92 - Add IPv6 support to iprop 93 - Support localization of error strings in 94 kinit/klist/kdestroy and Kerberos library 95 - Remove Kerberos 4 support in application (still in KDC) 96 - Deprecate DES 97 - Support i18n password in windows domains (using UTF-8) 98 - More complete API emulation of OpenSSL in hcrypto 99 - Support for ECDSA and ECDH when linking with OpenSSL 100 101 API changes 102 103 - Support for settin friendly name on credential caches 104 - Move to using doxygen to generate documentation. 105 - Sprinkling __attribute__((depricated)) for old function to be removed 106 - Support to export LAST-REQUST information in AS-REQ 107 - Support for client deferrals in in AS-REQ 108 - Add seek support for krb5_storage. 109 - Support for split AS-REQ, first step for IA-KERB 110 - Fix many memory leaks and bugs 111 - Improved regression test 112 - Support krb5_cccol 113 - Switch to krb5_set_error_message 114 - Support krb5_crypto_*_iov 115 - Switch to use EVP for most function 116 - Use SOCK_CLOEXEC and O_CLOEXEC (close on exec) 117 - Add support for GSS_C_DELEG_POLICY_FLAG 118 - Add krb5_cc_[gs]et_config to store data in the credential caches 119 - PTY testing application 120 121Bugfixes 122 - Make building on AIX6 possible. 123 - Bugfixes in LDAP KDC code to make it more stable 124 - Make ipropd-slave reconnect when master down gown 125 126 127Release Notes - Heimdal - Version Heimdal 1.2.1 128 129* Bug 130 131 [HEIMDAL-147] - Heimdal 1.2 not compiling on Solaris 132 [HEIMDAL-151] - Make canned tests work again after cert expired 133 [HEIMDAL-152] - iprop test: use full hostname to avoid realm 134 resolving errors 135 [HEIMDAL-153] - ftp: Use the correct length for unmap, msync 136 137Release Notes - Heimdal - Version Heimdal 1.2 138 139* Bug 140 141 [HEIMDAL-10] - Follow-up on bug report for SEGFAULT in 142 gss_display_name/gss_export_name when using SPNEGO 143 [HEIMDAL-15] - Re: [Heimdal-bugs] potential bug in Heimdal 1.1 144 [HEIMDAL-17] - Remove support for depricated [libdefaults]capath 145 [HEIMDAL-52] - hdb overwrite aliases for db databases 146 [HEIMDAL-54] - Two issues which affect credentials delegation 147 [HEIMDAL-58] - sockbuf.c calls setsockopt with bad args 148 [HEIMDAL-62] - Fix printing of sig_atomic_t 149 [HEIMDAL-87] - heimdal 1.1 not building under cygwin in hcrypto 150 [HEIMDAL-105] - rcp: sync rcp with upstream bsd rcp codebase 151 [HEIMDAL-117] - Use libtool to detect symbol versioning (Debian Bug#453241) 152 153* Improvement 154 [HEIMDAL-67] - Fix locking and store credential in atomic writes 155 in the FILE credential cache 156 [HEIMDAL-106] - make compile on cygwin again 157 [HEIMDAL-107] - Replace old random key generation in des module 158 and use it with RAND_ function instead 159 [HEIMDAL-115] - Better documentation and compatibility in hcrypto 160 in regards to OpenSSL 161 162* New Feature 163 [HEIMDAL-3] - pkinit alg agility PRF test vectors 164 [HEIMDAL-14] - Add libwind to Heimdal 165 [HEIMDAL-16] - Use libwind in hx509 166 [HEIMDAL-55] - Add flag to krb5 to not add GSS-API INT|CONF to 167 the negotiation 168 [HEIMDAL-74] - Add support to report extended error message back 169 in AS-REQ to support windows clients 170 [HEIMDAL-116] - test pty based application (using rkpty) 171 [HEIMDAL-120] - Use new OpenLDAP API (older deprecated) 172 173* Task 174 [HEIMDAL-63] - Dont try key usage KRB5_KU_AP_REQ_AUTH for TGS-REQ. 175 This drop compatibility with pre 0.3d KDCs. 176 [HEIMDAL-64] - kcm: first implementation of kcm-move-cache 177 [HEIMDAL-65] - Failed to compile with --disable-pk-init 178 [HEIMDAL-80] - verify that [VU#162289]: gcc silently discards some 179 wraparound checks doesn't apply to Heimdal 180 181Changes in release 1.1 182 183 * Read-only PKCS11 provider built-in to hx509. 184 185 * Documentation for hx509, hcrypto and ntlm libraries improved. 186 187 * Better compatibilty with Windows 2008 Server pre-releases and Vista. 188 189 * Mac OS X 10.5 support for native credential cache. 190 191 * Provide pkg-config file for Heimdal (heimdal-gssapi.pc). 192 193 * Bug fixes. 194 195Changes in release 1.0.2 196 197* Ubuntu packages. 198 199* Bug fixes. 200 201Changes in release 1.0.1 202 203 * Serveral bug fixes to iprop. 204 205 * Make work on platforms without dlopen. 206 207 * Add RFC3526 modp group14 as default. 208 209 * Handle [kdc] database = { } entries without realm = stanzas. 210 211 * Make krb5_get_renewed_creds work. 212 213 * Make kaserver preauth work again. 214 215 * Bug fixes. 216 217Changes in release 1.0 218 219 * Add gss_pseudo_random() for mechglue and krb5. 220 221 * Make session key for the krbtgt be selected by the best encryption 222 type of the client. 223 224 * Better interoperability with other PK-INIT implementations. 225 226 * Inital support for Mac OS X Keychain for hx509. 227 228 * Alias support for inital ticket requests. 229 230 * Add symbol versioning to selected libraries on platforms that uses 231 GNU link editor: gssapi, hcrypto, heimntlm, hx509, krb5, and libkdc. 232 233 * New version of imath included in hcrypto. 234 235 * Fix memory leaks. 236 237 * Bugs fixes. 238 239Changes in release 0.8.1 240 241 * Make ASN.1 library less paranoid to with regard to NUL in string to 242 make it inter-operate with MIT Kerberos again. 243 244 * Make GSS-API library work again when using gss_acquire_cred 245 246 * Add symbol versioning to libgssapi when using GNU ld. 247 248 * Fix memory leaks 249 250 * Bugs fixes 251 252Changes in release 0.8 253 254 * PK-INIT support. 255 256 * HDB extensions support, used by PK-INIT. 257 258 * New ASN.1 compiler. 259 260 * GSS-API mechglue from FreeBSD. 261 262 * Updated SPNEGO to support RFC4178. 263 264 * Support for Cryptosystem Negotiation Extension (RFC 4537). 265 266 * A new X.509 library (hx509) and related crypto functions. 267 268 * A new ntlm library (heimntlm) and related crypto functions. 269 270 * Updated the built-in crypto library with bignum support using 271 imath, support for RSA and DH and renamed it to libhcrypto. 272 273 * Subsystem in the KDC, digest, that will perform the digest 274 operation in the KDC, currently supports: CHAP, MS-CHAP-V2, SASL 275 DIGEST-MD5 NTLMv1 and NTLMv2. 276 277 * KDC will return the "response too big" error to force TCP retries 278 for large (default 1400 bytes) UDP replies. This is common for 279 PK-INIT requests. 280 281 * Libkafs defaults to use 2b tokens. 282 283 * Default to use the API cache on Mac OS X. 284 285 * krb5_kuserok() also checks ~/.k5login.d directory for acl files, 286 see manpage for krb5_kuserok for description. 287 288 * Many, many, other updates to code and info manual and manual pages. 289 290 * Bug fixes 291 292Changes in release 0.7.2 293 294* Fix security problem in rshd that enable an attacker to overwrite 295 and change ownership of any file that root could write. 296 297* Fix a DOS in telnetd. The attacker could force the server to crash 298 in a NULL de-reference before the user logged in, resulting in inetd 299 turning telnetd off because it forked too fast. 300 301* Make gss_acquire_cred(GSS_C_ACCEPT) check that the requested name 302 exists in the keytab before returning success. This allows servers 303 to check if its even possible to use GSSAPI. 304 305* Fix receiving end of token delegation for GSS-API. It still wrongly 306 uses subkey for sending for compatibility reasons, this will change 307 in 0.8. 308 309* telnetd, login and rshd are now more verbose in logging failed and 310 successful logins. 311 312* Bug fixes 313 314Changes in release 0.7.1 315 316* Bug fixes 317 318Changes in release 0.7 319 320 * Support for KCM, a process based credential cache 321 322 * Support CCAPI credential cache 323 324 * SPNEGO support 325 326 * AES (and the gssapi conterpart, CFX) support 327 328 * Adding new and improve old documentation 329 330 * Bug fixes 331 332Changes in release 0.6.6 333 334* Fix security problem in rshd that enable an attacker to overwrite 335 and change ownership of any file that root could write. 336 337* Fix a DOS in telnetd. The attacker could force the server to crash 338 in a NULL de-reference before the user logged in, resulting in inetd 339 turning telnetd off because it forked too fast. 340 341Changes in release 0.6.5 342 343 * fix vulnerabilities in telnetd 344 345 * unbreak Kerberos 4 and kaserver 346 347Changes in release 0.6.4 348 349 * fix vulnerabilities in telnet 350 351 * rshd: encryption without a separate error socket should now work 352 353 * telnet now uses appdefaults for the encrypt and forward/forwardable 354 settings 355 356 * bug fixes 357 358Changes in release 0.6.3 359 360 * fix vulnerabilities in ftpd 361 362 * support for linux AFS /proc "syscalls" 363 364 * support for RFC3244 (Windows 2000 Kerberos Change/Set Password) in 365 kpasswdd 366 367 * fix possible KDC denial of service 368 369 * bug fixes 370 371Changes in release 0.6.2 372 373 * Fix possible buffer overrun in v4 kadmin (which now defaults to off) 374 375Changes in release 0.6.1 376 377 * Fixed ARCFOUR suppport 378 379 * Cross realm vulnerability 380 381 * kdc: fix denial of service attack 382 383 * kdc: stop clients from renewing tickets into the future 384 385 * bug fixes 386 387Changes in release 0.6 388 389* The DES3 GSS-API mechanism has been changed to inter-operate with 390 other GSSAPI implementations. See man page for gssapi(3) how to turn 391 on generation of correct MIC messages. Next major release of heimdal 392 will generate correct MIC by default. 393 394* More complete GSS-API support 395 396* Better AFS support: kdc (524) supports 2b; 524 in kdc and AFS 397 support in applications no longer requires Kerberos 4 libs 398 399* Kerberos 4 support in kdc defaults to turned off (includes ka and 524) 400 401* other bug fixes 402 403Changes in release 0.5.2 404 405 * kdc: add option for disabling v4 cross-realm (defaults to off) 406 407 * bug fixes 408 409Changes in release 0.5.1 410 411 * kadmind: fix remote exploit 412 413 * kadmind: add option to disable kerberos 4 414 415 * kdc: make sure kaserver token life is positive 416 417 * telnet: use the session key if there is no subkey 418 419 * fix EPSV parsing in ftp 420 421 * other bug fixes 422 423Changes in release 0.5 424 425 * add --detach option to kdc 426 427 * allow setting forward and forwardable option in telnet from 428 .telnetrc, with override from command line 429 430 * accept addresses with or without ports in krb5_rd_cred 431 432 * make it work with modern openssl 433 434 * use our own string2key function even with openssl (that handles weak 435 keys incorrectly) 436 437 * more system-specific requirements in login 438 439 * do not use getlogin() to determine root in su 440 441 * telnet: abort if telnetd does not support encryption 442 443 * update autoconf to 2.53 444 445 * update config.guess, config.sub 446 447 * other bug fixes 448 449Changes in release 0.4e 450 451 * improve libcrypto and database autoconf tests 452 453 * do not care about salting of server principals when serving v4 requests 454 455 * some improvements to gssapi library 456 457 * test for existing compile_et/libcom_err 458 459 * portability fixes 460 461 * bug fixes 462 463Changes in release 0.4d 464 465 * fix some problems when using libcrypto from openssl 466 467 * handle /dev/ptmx `unix98' ptys on Linux 468 469 * add some forgotten man pages 470 471 * rsh: clean-up and add man page 472 473 * fix -A and -a in builtin-ls in tpd 474 475 * fix building problem on Irix 476 477 * make `ktutil get' more efficient 478 479 * bug fixes 480 481Changes in release 0.4c 482 483 * fix buffer overrun in telnetd 484 485 * repair some of the v4 fallback code in kinit 486 487 * add more shared library dependencies 488 489 * simplify and fix hprop handling of v4 databases 490 491 * fix some building problems (osf's sia and osfc2 login) 492 493 * bug fixes 494 495Changes in release 0.4b 496 497 * update the shared library version numbers correctly 498 499Changes in release 0.4a 500 501 * corrected key used for checksum in mk_safe, unfortunately this 502 makes it backwards incompatible 503 504 * update to autoconf 2.50, libtool 1.4 505 506 * re-write dns/config lookups (krb5_krbhst API) 507 508 * make order of using subkeys consistent 509 510 * add man page links 511 512 * add more man pages 513 514 * remove rfc2052 support, now only rfc2782 is supported 515 516 * always build with kaserver protocol support in the KDC (assuming 517 KRB4 is enabled) and support for reading kaserver databases in 518 hprop 519 520Changes in release 0.3f 521 522 * change default keytab to ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab, 523 the new keytab type that tries both of these in order (SRVTAB is 524 also an alias for krb4:) 525 526 * improve error reporting and error handling (error messages should 527 be more detailed and more useful) 528 529 * improve building with openssl 530 531 * add kadmin -K, rcp -F 532 533 * fix two incorrect weak DES keys 534 535 * fix building of kaserver compat in KDC 536 537 * the API is closer to what MIT krb5 is using 538 539 * more compatible with windows 2000 540 541 * removed some memory leaks 542 543 * bug fixes 544 545Changes in release 0.3e 546 547 * rcp program included 548 549 * fix buffer overrun in ftpd 550 551 * handle omitted sequence numbers as zeroes to handle MIT krb5 that 552 cannot generate zero sequence numbers 553 554 * handle v4 /.k files better 555 556 * configure/portability fixes 557 558 * fixes in parsing of options to kadmin (sub-)commands 559 560 * handle errors in kadmin load better 561 562 * bug fixes 563 564Changes in release 0.3d 565 566 * add krb5-config 567 568 * fix a bug in 3des gss-api mechanism, making it compatible with the 569 specification and the MIT implementation 570 571 * make telnetd only allow a specific list of environment variables to 572 stop it from setting `sensitive' variables 573 574 * try to use an existing libdes 575 576 * lib/krb5, kdc: use correct usage type for ap-req messages. This 577 should improve compatability with MIT krb5 when using 3DES 578 encryption types 579 580 * kdc: fix memory allocation problem 581 582 * update config.guess and config.sub 583 584 * lib/roken: more stuff implemented 585 586 * bug fixes and portability enhancements 587 588Changes in release 0.3c 589 590 * lib/krb5: memory caches now support the resolve operation 591 592 * appl/login: set PATH to some sane default 593 594 * kadmind: handle several realms 595 596 * bug fixes (including memory leaks) 597 598Changes in release 0.3b 599 600 * kdc: prefer default-salted keys on v5 requests 601 602 * kdc: lowercase hostnames in v4 mode 603 604 * hprop: handle more types of MIT salts 605 606 * lib/krb5: fix memory leak 607 608 * bug fixes 609 610Changes in release 0.3a: 611 612 * implement arcfour-hmac-md5 to interoperate with W2K 613 614 * modularise the handling of the master key, and allow for other 615 encryption types. This makes it easier to import a database from 616 some other source without having to re-encrypt all keys. 617 618 * allow for better control over which encryption types are created 619 620 * make kinit fallback to v4 if given a v4 KDC 621 622 * make klist work better with v4 and v5, and add some more MIT 623 compatibility options 624 625 * make the kdc listen on the krb524 (4444) port for compatibility 626 with MIT krb5 clients 627 628 * implement more DCE/DFS support, enabled with --enable-dce, see 629 lib/kdfs and appl/dceutils 630 631 * make the sequence numbers work correctly 632 633 * bug fixes 634 635Changes in release 0.2t: 636 637 * bug fixes 638 639Changes in release 0.2s: 640 641 * add OpenLDAP support in hdb 642 643 * login will get v4 tickets when it receives forwarded tickets 644 645 * xnlock supports both v5 and v4 646 647 * repair source routing for telnet 648 649 * fix building problems with krb4 (krb_mk_req) 650 651 * bug fixes 652 653Changes in release 0.2r: 654 655 * fix realloc memory corruption bug in kdc 656 657 * `add --key' and `cpw --key' in kadmin 658 659 * klist supports listing v4 tickets 660 661 * update config.guess and config.sub 662 663 * make v4 -> v5 principal name conversion more robust 664 665 * support for anonymous tickets 666 667 * new man-pages 668 669 * telnetd: do not negotiate KERBEROS5 authentication if there's no keytab. 670 671 * use and set expiration and not password expiration when dumping 672 to/from ka server databases / krb4 databases 673 674 * make the code happier with 64-bit time_t 675 676 * follow RFC2782 and by default do not look for non-underscore SRV names 677 678Changes in release 0.2q: 679 680 * bug fix in tcp-handling in kdc 681 682 * bug fix in expand_hostname 683 684Changes in release 0.2p: 685 686 * bug fix in `kadmin load/merge' 687 688 * bug fix in krb5_parse_address 689 690Changes in release 0.2o: 691 692 * gss_{import,export}_sec_context added to libgssapi 693 694 * new option --addresses to kdc (for listening on an explicit set of 695 addresses) 696 697 * bug fixes in the krb4 and kaserver emulation part of the kdc 698 699 * other bug fixes 700 701Changes in release 0.2n: 702 703 * more robust parsing of dump files in kadmin 704 * changed default timestamp format for log messages to extended ISO 705 8601 format (Y-M-DTH:M:S) 706 * changed md4/md5/sha1 APIes to be de-facto `standard' 707 * always make hostname into lower-case before creating principal 708 * small bits of more MIT-compatability 709 * bug fixes 710 711Changes in release 0.2m: 712 713 * handle glibc's getaddrinfo() that returns several ai_canonname 714 715 * new endian test 716 717 * man pages fixes 718 719Changes in release 0.2l: 720 721 * bug fixes 722 723Changes in release 0.2k: 724 725 * better IPv6 test 726 727 * make struct sockaddr_storage in roken work better on alphas 728 729 * some missing [hn]to[hn]s fixed. 730 731 * allow users to change their own passwords with kadmin (with initial 732 tickets) 733 734 * fix stupid bug in parsing KDC specification 735 736 * add `ktutil change' and `ktutil purge' 737 738Changes in release 0.2j: 739 740 * builds on Irix 741 742 * ftpd works in passive mode 743 744 * should build on cygwin 745 746 * work around broken IPv6-code on OpenBSD 2.6, also add configure 747 option --disable-ipv6 748 749Changes in release 0.2i: 750 751 * use getaddrinfo in the missing places. 752 753 * fix SRV lookup for admin server 754 755 * use get{addr,name}info everywhere. and implement it in terms of 756 getipnodeby{name,addr} (which uses gethostbyname{,2} and 757 gethostbyaddr) 758 759Changes in release 0.2h: 760 761 * fix typo in kx (now compiles) 762 763Changes in release 0.2g: 764 765 * lots of bug fixes: 766 * push works 767 * repair appl/test programs 768 * sockaddr_storage works on solaris (alignment issues) 769 * works better with non-roken getaddrinfo 770 * rsh works 771 * some non standard C constructs removed 772 773Changes in release 0.2f: 774 775 * support SRV records for kpasswd 776 * look for both _kerberos and krb5-realm when doing host -> realm mapping 777 778Changes in release 0.2e: 779 780 * changed copyright notices to remove `advertising'-clause. 781 * get{addr,name}info added to roken and used in the other code 782 (this makes things work much better with hosts with both v4 and v6 783 addresses, among other things) 784 * do pre-auth for both password and key-based get_in_tkt 785 * support for having several databases 786 * new command `del_enctype' in kadmin 787 * strptime (and new strftime) add to roken 788 * more paranoia about finding libdb 789 * bug fixes 790 791Changes in release 0.2d: 792 793 * new configuration option [libdefaults]default_etypes_des 794 * internal ls in ftpd builds without KRB4 795 * kx/rsh/push/pop_debug tries v5 and v4 consistenly 796 * build bug fixes 797 * other bug fixes 798 799Changes in release 0.2c: 800 801 * bug fixes (see ChangeLog's for details) 802 803Changes in release 0.2b: 804 805 * bug fixes 806 * actually bump shared library versions 807 808Changes in release 0.2a: 809 810 * a new program verify_krb5_conf for checking your /etc/krb5.conf 811 * add 3DES keys when changing password 812 * support null keys in database 813 * support multiple local realms 814 * implement a keytab backend for AFS KeyFile's 815 * implement a keytab backend for v4 srvtabs 816 * implement `ktutil copy' 817 * support password quality control in v4 kadmind 818 * improvements in v4 compat kadmind 819 * handle the case of having the correct cred in the ccache but with 820 the wrong encryption type better 821 * v6-ify the remaining programs. 822 * internal ls in ftpd 823 * rename strcpy_truncate/strcat_truncate to strlcpy/strlcat 824 * add `ank --random-password' and `cpw --random-password' in kadmin 825 * some programs and documentation for trying to talk to a W2K KDC 826 * bug fixes 827 828Changes in release 0.1m: 829 830 * support for getting default from krb5.conf for kinit/kf/rsh/telnet. 831 From Miroslav Ruda <ruda@ics.muni.cz> 832 * v6-ify hprop and hpropd 833 * support numeric addresses in krb5_mk_req 834 * shadow support in login and su. From Miroslav Ruda <ruda@ics.muni.cz> 835 * make rsh/rshd IPv6-aware 836 * make the gssapi sample applications better at reporting errors 837 * lots of bug fixes 838 * handle systems with v6-aware libc and non-v6 kernels (like Linux 839 with glibc 2.1) better 840 * hide failure of ERPT in ftp 841 * lots of bug fixes 842 843Changes in release 0.1l: 844 845 * make ftp and ftpd IPv6-aware 846 * add inet_pton to roken 847 * more IPv6-awareness 848 * make mini_inetd v6 aware 849 850Changes in release 0.1k: 851 852 * bump shared libraries versions 853 * add roken version of inet_ntop 854 * merge more changes to rshd 855 856Changes in release 0.1j: 857 858 * restore back to the `old' 3DES code. This was supposed to be done 859 in 0.1h and 0.1i but I did a CVS screw-up. 860 * make telnetd handle v6 connections 861 862Changes in release 0.1i: 863 864 * start using `struct sockaddr_storage' which simplifies the code 865 (with a fallback definition if it's not defined) 866 * bug fixes (including in hprop and kf) 867 * don't use mawk which seems to mishandle roken.awk 868 * get_addrs should be able to handle v6 addresses on Linux (with the 869 required patch to the Linux kernel -- ask within) 870 * rshd builds with shadow passwords 871 872Changes in release 0.1h: 873 874 * kf: new program for forwarding credentials 875 * portability fixes 876 * make forwarding credentials work with MIT code 877 * better conversion of ka database 878 * add etc/services.append 879 * correct `modified by' from kpasswdd 880 * lots of bug fixes 881 882Changes in release 0.1g: 883 884 * kgetcred: new program for explicitly obtaining tickets 885 * configure fixes 886 * krb5-aware kx 887 * bug fixes 888 889Changes in release 0.1f; 890 891 * experimental support for v4 kadmin protokoll in kadmind 892 * bug fixes 893 894Changes in release 0.1e: 895 896 * try to handle old DCE and MIT kdcs 897 * support for older versions of credential cache files and keytabs 898 * postdated tickets work 899 * support for password quality checks in kpasswdd 900 * new flag --enable-kaserver for kdc 901 * renew fixes 902 * prototype su program 903 * updated (some) manpages 904 * support for KDC resource records 905 * should build with --without-krb4 906 * bug fixes 907 908Changes in release 0.1d: 909 910 * Support building with DB2 (uses 1.85-compat API) 911 * Support krb5-realm.DOMAIN in DNS 912 * new `ktutil srvcreate' 913 * v4/kafs support in klist/kdestroy 914 * bug fixes 915 916Changes in release 0.1c: 917 918 * fix ASN.1 encoding of signed integers 919 * somewhat working `ktutil get' 920 * some documentation updates 921 * update to Autoconf 2.13 and Automake 1.4 922 * the usual bug fixes 923 924Changes in release 0.1b: 925 926 * some old -> new crypto conversion utils 927 * bug fixes 928 929Changes in release 0.1a: 930 931 * new crypto code 932 * more bug fixes 933 * make sure we ask for DES keys in gssapi 934 * support signed ints in ASN1 935 * IPv6-bug fixes 936 937Changes in release 0.0u: 938 939 * lots of bug fixes 940 941Changes in release 0.0t: 942 943 * more robust parsing of krb5.conf 944 * include net{read,write} in lib/roken 945 * bug fixes 946 947Changes in release 0.0s: 948 949 * kludges for parsing options to rsh 950 * more robust parsing of krb5.conf 951 * removed some arbitrary limits 952 * bug fixes 953 954Changes in release 0.0r: 955 956 * default options for some programs 957 * bug fixes 958 959Changes in release 0.0q: 960 961 * support for building shared libraries with libtool 962 * bug fixes 963 964Changes in release 0.0p: 965 966 * keytab moved to /etc/krb5.keytab 967 * avoid false detection of IPv6 on Linux 968 * Lots of more functionality in the gssapi-library 969 * hprop can now read ka-server databases 970 * bug fixes 971 972Changes in release 0.0o: 973 974 * FTP with GSSAPI support. 975 * Bug fixes. 976 977Changes in release 0.0n: 978 979 * Incremental database propagation. 980 * Somewhat improved kadmin ui; the stuff in admin is now removed. 981 * Some support for using enctypes instead of keytypes. 982 * Lots of other improvement and bug fixes, see ChangeLog for details. 983