Skip to content
This repository

mirror of MIT krb5 repository

tag: krb5-1.5.3-fin…

Fetching latest commit…

Octocat-spinner-32-eaf2f5

Cannot retrieve the latest commit at this time

Octocat-spinner-32 doc
Octocat-spinner-32 src
Octocat-spinner-32 README
README
                  Kerberos Version 5, Release 1.5.3

                            Release Notes
                        The MIT Kerberos Team

Unpacking the Source Distribution
---------------------------------

The source distribution of Kerberos 5 comes in a gzipped tarfile,
krb5-1.5.3.tar.gz.  Instructions on how to extract the entire
distribution follow.

If you have the GNU tar program and gzip installed, you can simply do:

        gtar zxpf krb5-1.5.3.tar.gz

If you don't have GNU tar, you will need to get the FSF gzip
distribution and use gzcat:

        gzcat krb5-1.5.3.tar.gz | tar xpf -

Both of these methods will extract the sources into krb5-1.5.3/src and
the documentation into krb5-1.5.3/doc.

Building and Installing Kerberos 5
----------------------------------

The first file you should look at is doc/install-guide.ps; it contains
the notes for building and installing Kerberos 5.  The info file
krb5-install.info has the same information in info file format.  You
can view this using the GNU emacs info-mode, or by using the
standalone info file viewer from the Free Software Foundation.  This
is also available as an HTML file, install.html.

Other good files to look at are admin-guide.ps and user-guide.ps,
which contain the system administrator's guide, and the user's guide,
respectively.  They are also available as info files
kerberos-admin.info and krb5-user.info, respectively.  These files are
also available as HTML files.

If you are attempting to build under Windows, please see the
src/windows/README file.  Note that this release might not build
under Windows currently.

Reporting Bugs
--------------

Please report any problems/bugs/comments using the krb5-send-pr
program.  The krb5-send-pr program will be installed in the sbin
directory once you have successfully compiled and installed Kerberos
V5 (or if you have installed one of our binary distributions).

If you are not able to use krb5-send-pr because you haven't been able
compile and install Kerberos V5 on any platform, you may send mail to
krb5-bugs@mit.edu.

You may view bug reports by visiting

http://krbdev.mit.edu/rt/

and logging in as "guest" with password "guest".

Major changes in krb5-1.5.3
---------------------------

[5512]  Fix MITKRB5-SA-2007-001: telnetd allows login as arbitrary user
        [CVE-2007-0956, VU#220816]

[5513]  Fix MITKRB5-SA-2007-002: buffer overflow in krb5_klog_syslog
        [CVE-2007-0957, VU#704024]

[5520]  Fix MITKRB5-SA-2007-003: double-free in kadmind - the RPC
        library could perform a double-free due to a GSS-API library
        bug [CVE-2007-1216, VU#419344]

krb5-1.5.3 changes by ticket ID
-------------------------------

5512 	(krb5-1.5.x) MITKRB5-SA-2007-001: telnetd allows login as
        arbitrary user
5513 	(krb5-1.5.x) MITKRB5-SA-2007-002: buffer overflow in
        krb5_klog_syslog
5520 	(krb5-1.5.x) MITKRB5-SA-2007-003: double-free in kadmind

Major changes in krb5-1.5.2
---------------------------

* Fix for MITKRB5-SA-2006-002: the RPC library could call an
  uninitialized function pointer, which created a security
  vulnerability for kadmind.

* Fix for MITKRB5-SA-2006-003: the GSS-API mechglue layer could fail
  to initialize some output pointers, causing callers to attempt to
  free uninitialized pointers.  This caused a security vulnerability
  in kadmind.

Major known bugs in krb5-1.5.2
------------------------------

5293    crash creating db2 database in non-existent directory

  Attempting to create a KDB in a non-existent directory using the
  Berkeley DB back end may cause a crash resulting from a null pointer
  dereference.  If a core dump occurs, this may cause a local exposure
  of sensitive information such a master key password.  This will be
  fixed in an upcoming patch release.

krb5-1.5.2 changes by ticket ID
-------------------------------

Listed below are the RT tickets of bugs fixed in krb5-1.5.2.  Please see

http://krbdev.mit.edu/rt/NoAuth/krb5-1.5/fixed-1.5.2.html

for a current listing with links to the complete tickets.

3965    Autoconf 2.60 datarootdir issue
4237    windows ccache and keytab file paths without a prefix
4305    windows thread support frees thread local storage after TlsSetValue
4309    wix installer - win2k compatibility for netidmgr
4310    NSIS installer - update for Win2K NetIDMgr
4312    KFW 3.1 Beta 2 NetIDMgr Changes
4354    db2 policy database loading broken
4355    test policy dump/load in make check
4368    kdc: make_toolong_error does not initialize all fields for
        krb5_mk_error
4407    final commits for KFW 3.1 Beta 2
4499    Document prerequisites for make check
4500    Initialize buffer before calling res_ninit
5307    fix MITKRB5-SA-2006-002 for 1.5-branch
5308    fix MITKRB5-SA-2006-003 for 1.5-branch

Major changes in 1.5.1
----------------------

The only significant change in krb5-1.5.1 is to fix the security
vulnerabilities described in MITKRB5-SA-2006-001, which are local
privilege escalation vulnerabilities in applications running on Linux
and AIX.

krb5-1.5.1 changes by ticket ID
-------------------------------

Listed below are the RT tickets of bugs fixed in krb5-1.5.1.  Please see

http://krbdev.mit.edu/rt/NoAuth/krb5-1.5/fixed-1.5.1.html

for a current listing with links to the complete tickets.

3904    fix uninitialized vars
3956    gssapi compilation errors on Windows
3971    broken configure test for dlopen
3998    Document add_entry in ktutil man page
4012    reverse test for copy_oid_set in lib/gssapi/krb5/indicate_mechs.c
4036    reject configure option for static libraries
4037    respect LDFLAGS in NetBSD build
4063    gss mech glue implementation should validate opaque pointer types
4088    gss_import_name can fail to call gssint_initialize_library()
4125    fix MITKRB5-SA-2006-001: multiple local privilege escalation
        vulnerabilities
4137    ksu spuriously fails when exiting shell when ksu-ing to non-root
4168    clean up mkrel patchlevel.h editing etc.

Major changes in 1.5
--------------------

Kerberos 5 Release 1.5 includes many significant changes to the
Kerberos build system, to GSS-API, and to the Kerberos KDC and
administration system.  These changes build up infrastructure as part
of our efforts to make Kerberos more extensible and flexible.  While
we are confident that these changes will improve Kerberos in the long
run, significant code restructuring may introduce portability problems
or change behavior in ways that break applications.  It is always
important to test a new version of critical security software like
Kerberos before deploying it in your environment to confirm that the
new version meets your environment's requirements.  Because of the
significant restructuring, it is more important than usual to perform
this testing and to report problems you find.

Highlights of major changes include:

* KDB abstraction layer, donated by Novell.

* plug-in architecture, allowing for extension modules to be loaded at
  run-time.

* multi-mechanism GSS-API implementation ("mechglue"), donated by
  Sun Microsystems

* Simple and Protected GSS-API negotiation mechanism ("SPNEGO")
  implementation, donated by Sun Microsystems

* Per-directory ChangeLog files have been deleted.  Releases now
  include auto-generated revision history logs in the combined file
  doc/CHANGES.

Changes by ticket ID
--------------------

Listed below are the RT tickets of bugs fixed in krb5-1.5.  Please see

http://krbdev.mit.edu/rt/NoAuth/krb5-1.5/fixed-1.5.html

for a current listing with links to the complete tickets.

581     verify_krb_v4_tgt is not 64-bit clean
856     patch to add shared library support for BSD/OS 4
1245    source tree not 64-bit clean
1288    v4 ticket file format incompatibilities
1431    fix errno.h references for cygwin
1434    use win32 rename solution in rcache for cygwin
1988    profile library fails to handle space in front of comments
2577    [Russ Allbery] Bug#250966: /usr/sbin/klogind: Authorization
        behavior not fully documented
2615    Fwd: Patch for telnet / telnetd to avoid crashes when used
        with MS kdc and PAC field
2628    Cygwin build patches
2648    [Russ Allbery] Bug#262192: libkrb53: krb_get_pw_in_tkt
        problems with AFS keys
2712    whitespace patch for src/kdc/kerberos_v4.c
2759    fake-getaddrinfo.h incorrectly checks for gethostbyname_r errors
2761    move getaddrinfo hacks into support lib for easier maintenance
2763    file ccache should be held open while scanning for credentials
2786    dead code in init_common() causes malloc(0)
2791    hooks for recording statistics on locking behavior
2807    Add VERSIONRC branding to krb5 support dll
2855    Possible thread safety issue in lib/krb5/os/def_realm.c
2856    Need a function to clone krb5_context structs for thread safe apps
2863    windows klist won't link
2880    fix calling convention for thread support fns
2882    Windows 2003 SP1 ktpass.exe generate keytab files fail to load with 1.4
2886    krb5_do_preauth could attempt to free NULL pointer
2931    implement SPNEGO
2932    implement multi-mech GSSAPI
2933    plug-in architecture
2936    supplementary error strings
2959    profile library should check high-resolution timestamps if available
2979    threaded test program built even with thread support disabled
3008    Incorrect cross-references in man pages
3010    Minor path and service man page fixes
3011    krb5-config should never return -I/usr/include
3013    Man pages for fakeka and krb524init
3014    texinfo variable fixes, info dir entries
3030    Bug report: Kinit has no suport for addresses in
        credentials. Kinit -a is not enabled.
3065    Implement RFC 3961 PRF
3086    [Sergio Gelato] Bug#311977: libkrb53: gss_init_sec_context
        sometimes fails to initialise output_token
3088    don't always require support library when building with sun cc
3122    fixes for AIX 5.2 select() and IPv4/IPv6 issues
3129    shlib build problems on HP-UX 10.20 with gcc-3.4.3
3233    kuserok needs to check for uid 99 on Mac OS X
3252    Tru64 compilation fails after k5-int.h/krb5.h changes
3266    Include errno.h in kdc/kerberos_v4.c
3268    kprop should fall back on port 754 rather than failing
3269    telnet help should connect to a host named help
3308    kadmin.local is killed due to segmentation fault when
        principal name argument is missing.
3332    don't destroy uninitialized rcache mutex in error cases
3358    krb5 doesn't build when pthread_mutexattr_setrobust_np is
        defined but not declared
3364    plugins should be thread-safe
3415    Windows 64-bit support
3416    tweak kdb interface for thread safety
3417    move/add thread support to support lib
3423    Add support for utmps interface on HPUX 11.23
3426    trunk builds without thread support are not working
3434    sizeof type should be checked at compile time, not configure time
3438    enhancement: report errno when generic I/O errors happen in kinit
3445    args to ctype.h macros should be cast to unsigned char, not int
3466    ioctl header portability fixes for telnet on GNU/kFreeBSD
3467    Allow GSS_C_NO_OID in krb5_gss_canon_name
3468    udp_preference_limit typo in krb5.conf man page
3490    getpwnam_r status checked incorrectly
3502    Cannot acquire initiator cred using gss_acquire_cred with
        explicit name on Windows
3512    updates to NSIS installer for KFW
3521    Add configurable Build value to File and Product versions for Windows
3549    library double-free with an empty keytab
3607    clients/ksu/setenv.c doesn't build on Solaris
3620    use strerror_r
3668    Prototype for krb5_c_prf missing const
3671    shsUpdate should take an unsigned int for length
3675    unsigned/signed int warnings in krb5_context variables.
3687    initialize cc_version to 0 not NULL
3688    Added CoreFoundation bundle plugin support
3689    build kadm5 headers in generate-files-mac target
3690    build rpc includes in generate-files-mac target.
3697    kadmin hangs indefinitely when admin princ has escaped chars
3706    ipv4+ipv6 messages can trip up KDC replay detection
3714    fix incorrect padata memory allocation in send_tgs.c
3716    Plugin search algorithm should take lists of name and directories
3719    fix bug in flag checking in libdb2 mpool code
3724    need to export kadm5_set_use_password_server
3736    Cleanup a number of cast away from const warnings in gssapi
3739    vsnprintf not present on windows
3746    krb5_cc_gen_new memory implementation doesn't create a new ccache
3761    combine kdc.conf, krb5.conf data in KDC programs
3783    install headers into include/krb5
3790    memory leak in GSSAPI credential releasing code
3791    memory leak in gss_krb5_set_allowable_enctypes error path
3825    krb5int_get_plugin_dir_data() uses + instead of * in realloc
3826    memory leaks in krb5kdc due to not freeing error messages
3854    CCAPI krb4int_save_credentials_addr should match prototype
3866    gld --as-needed not portable enough
3879    Update texinfo.tex
3888    ftpd's getline conflicts with current glibc headers
3898    Export gss_inquire_mechs_for_name for KFW
3899    Export krb5_gss_register_acceptor_identity in KFW
3900    update config.guess and config.sub
3902    g_userok.c has implicit declaration of strlen
3903    various kadm5 files need string.h
3905    warning fixes for spnego
3909    Plugins need to use RTLD_GROUP when available, but definitely
        not RTLD_GLOBAL
3910    fix parallel builds for libgss
3911    getaddrinfo code uses vars outside of storage duration
3918    fix warnings for lib/gssapi/mechglue/g_initialize.c
3920    cease export of krb5_gss_*
3921    remove unimplemented/unused mechglue functions
3922    mkrel should update patchlevel.h prior to reconf
3923    implement RFC4120 behavior on TCP requests with high bit set in length
3924    the krb5_get_server_rcache routine frees already freed memory
        in error path
3925    krb5_get_profile should reflect profile in the supplied context
3927    fix signedness warnings in spnego_mech.c
3928    fix typo in MS_BUG_TEST case in krb5_gss_glue.c
3940    Disable MSLSA: ccache in WOW64 on pre-Vista Beta 2 systems
3942    make gssint_get_mechanism match prototype
3944    write svn log output when building release
3945    mkrel should only generate doc/CHANGES for checkouts
3948    Windows: fix krb5.h generation
3949    fix plugin.c to compile on Windows
3950    autoconf 2.60 compatibility
3951    remove unused dlopen code in lib/gssapi/mechglue/g_initialize.c
3952    fix calling convention for krb5 error-message routines,
        document usage of krb5_get_error_message
3953    t_std_conf references private function due to explicit linking
        of init_os_ctx.o
3954    remove mechglue gss_config's gssint_userok and pname_to_uid
3957    remove unused lib/gssapi/mechglue/g_utils.c
3959    re-order inclusions in spnego_mech.c to avoid breaking system headers
3962    krb5_get_server_rcache double free
3964    "kdb5_util load" to existing db doesn't work, needed for kpropd
3968    fix memory leak in mechglue/g_init_sec_ctx.c
3970    test kdb5_util dump/load functionality in dejagnu
3972    make gss_unwrap match prototype
3974    work around failure to load into nonexistent db

Known bugs by ticket ID:
------------------------

Listed below are the RT tickets for known bugs in krb5-1.5.  Please
see

http://krbdev.mit.edu/rt/NoAuth/krb5-1.5/bugs-1.5.html

for an up-to-date list, including links to the complete tickets.

3947    allow multiple calls to krb5_get_error_message to retrieve message
3956    gssapi compilation errors on Windows
3973    kdb5_util load now fails if db doesn't exist [workaround]

Copyright Notice and Legal Administrivia
----------------------------------------

Copyright (C) 1985-2007 by the Massachusetts Institute of Technology.

All rights reserved.

Export of this software from the United States of America may require
a specific license from the United States Government.  It is the
responsibility of any person or organization contemplating export to
obtain such a license before exporting.

WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
distribute this software and its documentation for any purpose and
without fee is hereby granted, provided that the above copyright
notice appear in all copies and that both that copyright notice and
this permission notice appear in supporting documentation, and that
the name of M.I.T. not be used in advertising or publicity pertaining
to distribution of the software without specific, written prior
permission.  Furthermore if you modify this software you must label
your software as modified software and not distribute it in such a
fashion that it might be confused with the original MIT software.
M.I.T. makes no representations about the suitability of this software
for any purpose.  It is provided "as is" without express or implied
warranty.

THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.

Individual source code files are copyright MIT, Cygnus Support,
OpenVision, Oracle, Sun Soft, FundsXpress, and others.

Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
and Zephyr are trademarks of the Massachusetts Institute of Technology
(MIT).  No commercial use of these trademarks may be made without
prior written permission of MIT.

"Commercial use" means use of a name in a product or other for-profit
manner.  It does NOT prevent a commercial firm from referring to the
MIT trademarks in order to convey information (although in doing so,
recognition of their trademark status should be given).

----

The following copyright and permission notice applies to the
OpenVision Kerberos Administration system located in kadmin/create,
kadmin/dbutil, kadmin/passwd, kadmin/server, lib/kadm5, and portions
of lib/rpc:

   Copyright, OpenVision Technologies, Inc., 1996, All Rights Reserved

   WARNING: Retrieving the OpenVision Kerberos Administration system 
   source code, as described below, indicates your acceptance of the 
   following terms.  If you do not agree to the following terms, do not 
   retrieve the OpenVision Kerberos administration system.

   You may freely use and distribute the Source Code and Object Code
   compiled from it, with or without modification, but this Source
   Code is provided to you "AS IS" EXCLUSIVE OF ANY WARRANTY,
   INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY OR
   FITNESS FOR A PARTICULAR PURPOSE, OR ANY OTHER WARRANTY, WHETHER
   EXPRESS OR IMPLIED.  IN NO EVENT WILL OPENVISION HAVE ANY LIABILITY
   FOR ANY LOST PROFITS, LOSS OF DATA OR COSTS OF PROCUREMENT OF 
   SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR
   CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, INCLUDING, 
   WITHOUT LIMITATION, THOSE RESULTING FROM THE USE OF THE SOURCE 
   CODE, OR THE FAILURE OF THE SOURCE CODE TO PERFORM, OR FOR ANY 
   OTHER REASON.

   OpenVision retains all copyrights in the donated Source Code. OpenVision
   also retains copyright to derivative works of the Source Code, whether
   created by OpenVision or by a third party. The OpenVision copyright 
   notice must be preserved if derivative works are made based on the 
   donated Source Code.

   OpenVision Technologies, Inc. has donated this Kerberos 
   Administration system to MIT for inclusion in the standard 
   Kerberos 5 distribution.  This donation underscores our 
   commitment to continuing Kerberos technology development 
   and our gratitude for the valuable work which has been 
   performed by MIT and the Kerberos community.

----

    Portions contributed by Matt Crawford <crawdad@fnal.gov> were
    work performed at Fermi National Accelerator Laboratory, which is
    operated by Universities Research Association, Inc., under
    contract DE-AC02-76CHO3000 with the U.S. Department of Energy.

---- The implementation of the Yarrow pseudo-random number generator
in src/lib/crypto/yarrow has the following copyright:

Copyright 2000 by Zero-Knowledge Systems, Inc.

Permission to use, copy, modify, distribute, and sell this software
and its documentation for any purpose is hereby granted without fee,
provided that the above copyright notice appear in all copies and that
both that copyright notice and this permission notice appear in
supporting documentation, and that the name of Zero-Knowledge Systems,
Inc. not be used in advertising or publicity pertaining to
distribution of the software without specific, written prior
permission.  Zero-Knowledge Systems, Inc. makes no representations
about the suitability of this software for any purpose.  It is
provided "as is" without express or implied warranty.

ZERO-KNOWLEDGE SYSTEMS, INC. DISCLAIMS ALL WARRANTIES WITH REGARD TO
THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS, IN NO EVENT SHALL ZERO-KNOWLEDGE SYSTEMS, INC. BE LIABLE FOR
ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTUOUS ACTION, ARISING OUT
OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

---- The implementation of the AES encryption algorithm in
src/lib/crypto/aes has the following copyright:

 Copyright (c) 2001, Dr Brian Gladman <brg@gladman.uk.net>, Worcester, UK.
 All rights reserved.

 LICENSE TERMS

 The free distribution and use of this software in both source and binary 
 form is allowed (with or without changes) provided that:

   1. distributions of this source code include the above copyright 
      notice, this list of conditions and the following disclaimer;

   2. distributions in binary form include the above copyright
      notice, this list of conditions and the following disclaimer
      in the documentation and/or other associated materials;

   3. the copyright holder's name is not used to endorse products 
      built using this software without specific written permission. 

 DISCLAIMER

 This software is provided 'as is' with no explcit or implied warranties
 in respect of any properties, including, but not limited to, correctness 
 and fitness for purpose.

--- The implementations of GSSAPI mechglue in GSSAPI-SPNEGO in
    src/lib/gssapi, including the following files:

lib/gssapi/generic/gssapi_err_generic.et
lib/gssapi/mechglue/g_accept_sec_context.c
lib/gssapi/mechglue/g_acquire_cred.c
lib/gssapi/mechglue/g_canon_name.c
lib/gssapi/mechglue/g_compare_name.c
lib/gssapi/mechglue/g_context_time.c
lib/gssapi/mechglue/g_delete_sec_context.c
lib/gssapi/mechglue/g_dsp_name.c
lib/gssapi/mechglue/g_dsp_status.c
lib/gssapi/mechglue/g_dup_name.c
lib/gssapi/mechglue/g_exp_sec_context.c
lib/gssapi/mechglue/g_export_name.c
lib/gssapi/mechglue/g_glue.c
lib/gssapi/mechglue/g_imp_name.c
lib/gssapi/mechglue/g_imp_sec_context.c
lib/gssapi/mechglue/g_init_sec_context.c
lib/gssapi/mechglue/g_initialize.c
lib/gssapi/mechglue/g_inq_context.c
lib/gssapi/mechglue/g_inq_cred.c
lib/gssapi/mechglue/g_inq_names.c
lib/gssapi/mechglue/g_process_context.c
lib/gssapi/mechglue/g_rel_buffer.c
lib/gssapi/mechglue/g_rel_cred.c
lib/gssapi/mechglue/g_rel_name.c
lib/gssapi/mechglue/g_rel_oid_set.c
lib/gssapi/mechglue/g_seal.c
lib/gssapi/mechglue/g_sign.c
lib/gssapi/mechglue/g_store_cred.c
lib/gssapi/mechglue/g_unseal.c
lib/gssapi/mechglue/g_verify.c
lib/gssapi/mechglue/mglueP.h
lib/gssapi/mechglue/oid_ops.c
lib/gssapi/spnego/gssapiP_spnego.h
lib/gssapi/spnego/spnego_mech.c

are subject to the following license:

Copyright (c) 2004 Sun Microsystems, Inc.

Permission is hereby granted, free of charge, to any person obtaining a
copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:

The above copyright notice and this permission notice shall be included
in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Acknowledgments
---------------

Thanks to Russ Allbery for contributing and integrating patches from
Debian and other places.

Thanks to Michael Calmer for contributing patches for code clean-up.

Thanks to Novell for donating the KDB abstraction layer.

Thanks to Sun Microsystems for donating their implementations of
mechglue and SPNEGO.

Thanks to the numerous others who reported bugs and/or contributed
patches.

Thanks to iDefense for notifying us about the vulnerability in
MITKRB5-SA-2007-002.

Thanks to the members of the Kerberos V5 development team at MIT, both
past and present: Danilo Almeida, Jeffrey Altman, Justin Anderson,
Richard Basch, Jay Berkenbilt, Mitch Berger, Andrew Boardman, Joe
Calzaretta, John Carr, Don Davis, Alexandra Ellwood, Nancy Gilman,
Matt Hancher, Sam Hartman, Paul Hill, Marc Horowitz, Eva Jacobus,
Miroslav Jurisic, Barry Jaspan, Geoffrey King, Kevin Koch, John Kohl,
Peter Litwack, Scott McGuire, Kevin Mitchell, Cliff Neuman, Paul Park,
Ezra Peisach, Chris Provenzano, Ken Raeburn, Jon Rochlis, Jeff
Schiller, Jen Selby, Brad Thompson, Harry Tsai, Ted Ts'o, Marshall
Vale, Tom Yu.
Something went wrong with that request. Please try again.