C C++ Python Objective-C Perl Shell Other
Fetching latest commit…
Cannot retrieve the latest commit at this time.
|Failed to load latest commit information.|
Kerberos Version 5, Release 1.4 Release Notes The MIT Kerberos Team Unpacking the Source Distribution --------------------------------- The source distribution of Kerberos 5 comes in a tarfile, krb5-1.4-signed.tar. The tarfile contains a gzipped tarfile, krb5-1.4.tar.gz, and its corresponding PGP signature, krb5-1.4.tar.gz.asc. You will need the GNU gzip program, and preferably, the GNU tar program, to extract the source distribution. The distribution will extract into a subdirectory "krb5-1.4" of the current directory. Building and Installing Kerberos 5 ---------------------------------- The first file you should look at is doc/install-guide.ps; it contains the notes for building and installing Kerberos 5. The info file krb5-install.info has the same information in info file format. You can view this using the GNU emacs info-mode, or by using the standalone info file viewer from the Free Software Foundation. This is also available as an HTML file, install.html. Other good files to look at are admin-guide.ps and user-guide.ps, which contain the system administrator's guide, and the user's guide, respectively. They are also available as info files kerberos-admin.info and krb5-user.info, respectively. These files are also available as HTML files. If you are attempting to build under Windows, please see the src/windows/README file. Reporting Bugs -------------- Please report any problems/bugs/comments using the krb5-send-pr program. The krb5-send-pr program will be installed in the sbin directory once you have successfully compiled and installed Kerberos V5 (or if you have installed one of our binary distributions). If you are not able to use krb5-send-pr because you haven't been able compile and install Kerberos V5 on any platform, you may send mail to email@example.com. You may view bug reports by visiting http://krbdev.mit.edu/rt/ and logging in as "guest" with password "guest". Important notice regarding Kerberos 4 support --------------------------------------------- In the past few years, several developments have shown the inadequacy of the security of version 4 of the Kerberos protocol. These developments have led the MIT Kerberos Team to begin the process of ending support for version 4 of the Kerberos protocol. The plan involves the eventual removal of Kerberos 4 support from the MIT implementation of Kerberos. The Data Encryption Standard (DES) has reached the end of its useful life. DES is the only encryption algorithm supported by Kerberos 4, and the increasingly obvious inadequacy of DES motivates the retirement of the Kerberos 4 protocol. The National Institute of Standards and Technology (NIST), which had previously certified DES as a US government encryption standard, has officially announced its intention to withdraw the specification of DES. NIST's action reflects the long-held opinion of the cryptographic community that DES has too small a key space to be secure. Breaking DES encryption by an exhaustive search of its key space is within the means of some individuals, many companies, and all major governments. Consequently, DES cannot be considered secure for any long-term keys, particularly the ticket-granting key that is central to Kerberos. Serious protocol flaws have been found in Kerberos 4. These flaws permit attacks which require far less effort than an exhaustive search of the DES key space. These flaws make Kerberos 4 cross-realm authentication an unacceptable security risk and raise serious questions about the security of the entire Kerberos 4 protocol. The known insecurity of DES, combined with the recently discovered protocol flaws, make it extremely inadvisable to rely on the security of version 4 of the Kerberos protocol. These factors motivate the MIT Kerberos Team to remove support for Kerberos version 4 from the MIT implementation of Kerberos. The process of ending Kerberos 4 support began with release 1.3 of MIT Kerberos 5. In release 1.3, the KDC support for version 4 of the Kerberos protocol is disabled by default. Release 1.4 of MIT Kerberos continues to include Kerberos 4 support (also disabled by default in the KDC), but we intend to completely remove Kerberos 4 support from some future release of MIT Kerberos, possibly as early as the 1.5 release of MIT Kerberos. The MIT Kerberos Team has ended active development of Kerberos 4, except for the eventual removal of all Kerberos 4 functionality. We will continue to provide critical security fixes for Kerberos 4, but routine bug fixes and feature enhancements are at an end. We recommend that any sites which have not already done so begin a migration to Kerberos 5. Kerberos 5 provides significant advantages over Kerberos 4, including support for strong encryption, extensibility, improved cross-vendor interoperability, and ongoing development and enhancement. If you have questions or issues regarding migration to Kerberos 5, we recommend discussing them on the firstname.lastname@example.org mailing list. References  National Institute of Standards and Technology. Announcing Proposed Withdrawal of Federal Information Processing Standard (FIPS) for the Data Encryption Standard (DES) and Request for Comments. Federal Register 04-16894, 69 FR 44509-44510, 26 July 2004. DOCID:fr26jy04-31.  Tom Yu, Sam Hartman, and Ken Raeburn. The Perils of Unauthenticated Encryption: Kerberos Version 4. In Proceedings of the Network and Distributed Systems Security Symposium. The Internet Society, February 2004. http://web.mit.edu/tlyu/papers/krb4peril-ndss04.pdf ---------------------------------------------------------------------- Major changes in 1.4 -------------------- *  Merged Athena telnetd changes for creating a new option for requiring encryption. * [1349, 2578, 2601, 2606, 2613, 2743, 2775, 2778, 2877] Add implementation of the RPCSEC_GSS authentication flavor to the RPC library. Thanks to Kevin Coffman and the CITI group at the University of Michigan. *  The kadmind4 backwards-compatibility admin server and the v5passwdd backwards-compatibility password-changing server have been removed. * [1303, 2740, 2755, 2781, 2782, 2812, 2858, 2859, 2874, 2875, 2878, 2879, 2884, 2893] Thread safety for krb5 libraries. *  Yarrow code now uses AES. * [2678, 2802] New client commands kcpytkt and kdeltkt for Windows. *  New command mit2ms on Windows. *  Merged Athena changes to allow ftpd to require encrypted passwords. *  Incorporate gss_krb5_set_allowable_enctypes() and gss_krb5_export_lucid_sec_context(), which are needed for NFSv4, from Kevin Coffman. *  Fix heap buffer overflow in password history mechanism. [MITKRB5-SA-2004-004] Minor changes in 1.4 -------------------- Please see http://krbdev.mit.edu/rt/NoAuth/krb5-1.4/fixed-1.4.html for a complete list. *  Install example config files. *  PATH environment variable won't be overwritten by login.krb5 if already set. *  Sample KDC propagation script fixed. *  Fixed search for res_search() and friends. *  Compilation on Tru64 now detects GNU linker and chooses whether to use -oldstyle_liblookup accordingly. *  port-sockets.h explicitly declares h_errno if the declaration is missing. *  KDC cleans up some per-listener state upon process termination to avoid spurious memory leak indications. *  The server side of the Horowitz password-change protocol now checks for minimum password life. * [1345, 2730, 2757] patchlevel.h is now the master version file. *  GNU sed is no longer required to make depend on Irix. *  SRV record support now handles "." target and adds trailing dots to avoid spurious multiple hostname queries. *  A memory leak in the krb5 context serializer has been fixed. *  Some team procedures now documented. *  Automatic rebuilding of configure scripts, etc. are only done if --enable-maintainer-mode is passed to configure. *  Memory management in the ftp client has been cleaned up. *  DNS SRV record lookup support is unconditionally built on Unix. *  Replacement for daemon() is compiled separately each time it is needed, rather than ending up in the krb5 library. *  Default to building shared libraries on most platforms that support them. *  Fixed daemon() replacement to build on Tru64. *  Fixed some 0 vs NULL issues. *  AES-only configuration now tested in test suite. *  Fixed memory leak in KDC preauth handling. *  Use $(CC) rather than ld to build shared libs on Tru64 and Irix. *  Support for the non-standard enctype ENCTYPE_LOCAL_DES3_HMAC_SHA1 has been removed. *  Test suite checks TCP access to KDC. *  Minor stylistic cleanup in gss-client. * [2296, 2370, 2424] krb5_get_init_creds() APIs avoid multiple queries to master KDC. *  Remove _XOPEN_EXTENDED hack previously used for HP-UX. *  Only sanity-check setutent() API if utmpx.h is not present, as this was preventing recent NetBSD from configuring. *  kvno.exe installed on Windows. *  Fix some internal type inconsistencies in gssapi library. *  Fix KRB5_CALLCONV usage in krb5_cc_resolve(). *  Apply fix from John Hascall to make krb5_get_in_tkt() emulation actually honor the lifetimes in the input credentials. *  Create manpage for krb524d. *  The rcache code no longer attempts to close a negative file descriptor from a failed open. *  The gssapi library now requires that the initiator's channel bindings match those provided by the acceptor, if the acceptor provides them at all. *  Fix some HP-UX 11 compilation issues. *  Fix some HP-UX 11 foreachaddr() issues. *  gss_accept_sec_context() no longer leaks rcaches. *  Clean up some issues relating to use of reserved namespace in k5-platform.h. *  Rewrite handling of whitespace in profile library to better handle whitespace around tag names. *  Fix double-negation of a preprocessor test in osconf.h. *  krb5int_zap_data() uses SecureZeroMemory on Windows instead of memset(). *  krb5_get_init_creds() checks for overflow/underflow on 32-bit timestamps. *  krb5_get_init_creds() no longer issues requests where the renew_until time precedes the expiration time. *  krb5_get_init_creds() supports ticket_lifetime libdefault. *  Default ccache name is evaluated more lazily. *  Handle return of ai_canonname=NULL from getaddrinfo(). *  Fix leak in cc_resolve, reported by Paul Moore. *  libkadm5 acl_init() API renamed to avoid conflict with MacOS X acl API. * [2684, 2710, 2728] Use BIND 8 parsing API when available. *  The profile library iterators no longer get confused when modifications are made to the in-memory profile. *  The krb5-config script now has a manpage. *  New ccache API flag to request only information, not actual credentials. *  Support for upcoming read/write MSLSA ccache. *  resolv.h is included when searching for res_search() and friends, to account for symbol renaming. *  The install-strip make target no longer attempts to strip scripts. *  Fix memory leak in arcfour string_to_key. Reported by Derrick Schommer. *  Fix memory leak in rd_cred.c. Reported by Derrick Schommer. *  Fix memory leak in mk_req_extended(). Reported by Derrick Schommer. *  Add some new version strings for Windows. *  The ticket_lifetime libdefault now uses units of seconds by default, if no units are provided. *  The profile library's error tables aren't loaded on MacOS X. *  Calls to the profile library which set values no longer fail if the file is not writable. *  The profile library has a new API to detect whether the default profile is writable. *  An initial C implementation of CCAPI has been done. *  fake-addrinfo.h includes errno.h earlier. *  The profile library calls stat() less frequently on files. * [2760, 2780] The keytab implementation checks for cases where fopen() can return NULL without setting errno. Reported by Roland Dowdeswell. *  com_err now creates valid prototypes for generated files. Reported by Jeremy Allison. * [2772, 2797] The krb4 library now honors the dns_fallback libdefault setting. * [2776, 2779] Solaris patches exist for the pty-close race condition bug. We check for these patches now checked, and don't apply the priocntl hack if they are present. *  ftpcmds.y unconditionally defines NBBY to 8. *  locate_kdc.c can compile if KRB5_DNS_LOOKUP isn't defined, though we removed the configure-time option for this. *  Fixed some addrinfo problems that affected Irix. * [2796, 2840] Calling conventions for some API functions for Windows have been fixed. *  Windows NSIS installer script updated. *  Support library renamed on Windows. *  krb5-config updated to reference new support library. * [2814, 2816] Some MSLSA ccache features depending on non-public SDK features were backed out. *  Don't create empty array for addresses in MSLSA ccache. *  Fix shared library build on sparc64-netbsd. * [2833, 2834, 2835] Add support for generating/installing debugging symbols on Windows. *  Fix termination of incorrect string in telnetd. *  Fix memory leak in ccache. *  Fix memory leak in asn1_decode_generaltime(). *  Minor documenation fixes. *  Fix IPv6 support on Windows. *  New API function krb5_is_thread_safe() to test for thread safety. * [2870, 2881] Fix crash in MSLSA ccache. *  Handle read() returning -1 in prng.c. *  Fix memory leak in DNS lookup code. *  Fix null pointer dereference in krb5_unparse_name(). *  Fix some gcc-4.0 compatibility problems. *  lib/kdb/keytab.c no longer accesses an uninitialized variable. Copyright Notice and Legal Administrivia ---------------------------------------- Copyright (C) 1985-2005 by the Massachusetts Institute of Technology. All rights reserved. Export of this software from the United States of America may require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. Furthermore if you modify this software you must label your software as modified software and not distribute it in such a fashion that it might be confused with the original MIT software. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. Individual source code files are copyright MIT, Cygnus Support, OpenVision, Oracle, Sun Soft, FundsXpress, and others. Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira, and Zephyr are trademarks of the Massachusetts Institute of Technology (MIT). No commercial use of these trademarks may be made without prior written permission of MIT. "Commercial use" means use of a name in a product or other for-profit manner. It does NOT prevent a commercial firm from referring to the MIT trademarks in order to convey information (although in doing so, recognition of their trademark status should be given). ---- The following copyright and permission notice applies to the OpenVision Kerberos Administration system located in kadmin/create, kadmin/dbutil, kadmin/passwd, kadmin/server, lib/kadm5, and portions of lib/rpc: Copyright, OpenVision Technologies, Inc., 1996, All Rights Reserved WARNING: Retrieving the OpenVision Kerberos Administration system source code, as described below, indicates your acceptance of the following terms. If you do not agree to the following terms, do not retrieve the OpenVision Kerberos administration system. You may freely use and distribute the Source Code and Object Code compiled from it, with or without modification, but this Source Code is provided to you "AS IS" EXCLUSIVE OF ANY WARRANTY, INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, OR ANY OTHER WARRANTY, WHETHER EXPRESS OR IMPLIED. IN NO EVENT WILL OPENVISION HAVE ANY LIABILITY FOR ANY LOST PROFITS, LOSS OF DATA OR COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, INCLUDING, WITHOUT LIMITATION, THOSE RESULTING FROM THE USE OF THE SOURCE CODE, OR THE FAILURE OF THE SOURCE CODE TO PERFORM, OR FOR ANY OTHER REASON. OpenVision retains all copyrights in the donated Source Code. OpenVision also retains copyright to derivative works of the Source Code, whether created by OpenVision or by a third party. The OpenVision copyright notice must be preserved if derivative works are made based on the donated Source Code. OpenVision Technologies, Inc. has donated this Kerberos Administration system to MIT for inclusion in the standard Kerberos 5 distribution. This donation underscores our commitment to continuing Kerberos technology development and our gratitude for the valuable work which has been performed by MIT and the Kerberos community. ---- Portions contributed by Matt Crawford <email@example.com> were work performed at Fermi National Accelerator Laboratory, which is operated by Universities Research Association, Inc., under contract DE-AC02-76CHO3000 with the U.S. Department of Energy. ---- The implementation of the Yarrow pseudo-random number generator in src/lib/crypto/yarrow has the following copyright: Copyright 2000 by Zero-Knowledge Systems, Inc. Permission to use, copy, modify, distribute, and sell this software and its documentation for any purpose is hereby granted without fee, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of Zero-Knowledge Systems, Inc. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. Zero-Knowledge Systems, Inc. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. ZERO-KNOWLEDGE SYSTEMS, INC. DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL ZERO-KNOWLEDGE SYSTEMS, INC. BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTUOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ---- The implementation of the AES encryption algorithm in src/lib/crypto/aes has the following copyright: Copyright (c) 2001, Dr Brian Gladman <firstname.lastname@example.org>, Worcester, UK. All rights reserved. LICENSE TERMS The free distribution and use of this software in both source and binary form is allowed (with or without changes) provided that: 1. distributions of this source code include the above copyright notice, this list of conditions and the following disclaimer; 2. distributions in binary form include the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other associated materials; 3. the copyright holder's name is not used to endorse products built using this software without specific written permission. DISCLAIMER This software is provided 'as is' with no explcit or implied warranties in respect of any properties, including, but not limited to, correctness and fitness for purpose. ---- The implementation of the RPCSEC_GSS authentication flavor in src/lib/rpc has the following copyright: Copyright (c) 2000 The Regents of the University of Michigan. All rights reserved. Copyright (c) 2000 Dug Song <dugsong@UMICH.EDU>. All rights reserved, all wrongs reversed. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Acknowledgments --------------- Appreciation Time!!!! There are far too many people to try to thank them all; many people have contributed to the development of Kerberos V5. This is only a partial listing.... Thanks to Kevin Coffman and the CITI group at the University of Michigan for providing patches for implementing RPCSEC_GSS authentication in the RPC library. Thanks to Derrick Schommer for reporting multiple memory leaks. Thanks to Quanah Gibson-Mount of Stanford University for helping exercise the thread support code. Thanks to Michael Tautschnig for reporting the heap buffer overflow in the password history mechanism. [MITKRB5-SA-2004-004] Thanks to Wyllys Ingersoll for finding a buffer-size problem in the RPCSEC_GSS implementation. Thanks to the members of the Kerberos V5 development team at MIT, both past and present: Danilo Almeida, Jeffrey Altman, Jay Berkenbilt, Richard Basch, Mitch Berger, John Carr, Don Davis, Alexandra Ellwood, Nancy Gilman, Matt Hancher, Sam Hartman, Paul Hill, Marc Horowitz, Eva Jacobus, Miroslav Jurisic, Barry Jaspan, Geoffrey King, John Kohl, Peter Litwack, Scott McGuire, Kevin Mitchell, Cliff Neuman, Paul Park, Ezra Peisach, Chris Provenzano, Ken Raeburn, Jon Rochlis, Jeff Schiller, Jen Selby, Brad Thompson, Harry Tsai, Ted Ts'o, Marshall Vale, Tom Yu. Very special thanks go to Marshall Vale, our departing team leader. Over the past few years, Marshall has been extremely valuable to us as mentor, advisor, manager, and friend. Marshall's devotion as a champion of Kerberos has helped our team immensely through many trials and hardships. We will miss him tremendously, and we wish him the best in his future endeavors.