Fetching latest commit…
Cannot retrieve the latest commit at this time
|Failed to load latest commit information.|
Kerberos Version 5, Release 1.3 Release Notes The MIT Kerberos Team Unpacking the Source Distribution --------------------------------- The source distribution of Kerberos 5 comes in a gzipped tarfile, krb5-1.3.tar.gz. Instructions on how to extract the entire distribution follow. If you have the GNU tar program and gzip installed, you can simply do: gtar zxpf krb5-1.3.tar.gz If you don't have GNU tar, you will need to get the FSF gzip distribution and use gzcat: gzcat krb5-1.3.tar.gz | tar xpf - Both of these methods will extract the sources into krb5-1.3/src and the documentation into krb5-1.3/doc. Building and Installing Kerberos 5 ---------------------------------- The first file you should look at is doc/install-guide.ps; it contains the notes for building and installing Kerberos 5. The info file krb5-install.info has the same information in info file format. You can view this using the GNU emacs info-mode, or by using the standalone info file viewer from the Free Software Foundation. This is also available as an HTML file, install.html. Other good files to look at are admin-guide.ps and user-guide.ps, which contain the system administrator's guide, and the user's guide, respectively. They are also available as info files kerberos-admin.info and krb5-user.info, respectively. These files are also available as HTML files. If you are attempting to build under Windows, please see the src/windows/README file. Reporting Bugs -------------- Please report any problems/bugs/comments using the krb5-send-pr program. The krb5-send-pr program will be installed in the sbin directory once you have successfully compiled and installed Kerberos V5 (or if you have installed one of our binary distributions). If you are not able to use krb5-send-pr because you haven't been able compile and install Kerberos V5 on any platform, you may send mail to email@example.com. You may view bug reports by visiting http://krbdev.mit.edu/rt/ and logging in as "guest" with password "guest". Notes, Major Changes, and Known Bugs for 1.3 -------------------------------------------- * We now install the compile_et program, so other packages can use the installed com_err library with their own error tables. (If you use our com_err code, that is; see below.) * The header files we install now assume ANSI/ISO C ('89, not '99). We have stopped testing on SunOS 4, even with gcc. Some of our code now has C89-based assumptions, like free(NULL) being well defined, that will probably frustrate any attempts to run this code under SunOS 4 or other pre-C89 systems. * Some new code, bug fixes, and cleanup for IPv6 support. Most of the code should support IPv6 transparently now. The RPC code (and therefore the admin system, which is based on it) does not yet support IPv6. The support for Kerberos 4 may work with IPv6 in very limited ways, if the address checking is turned off. The FTP client and server do not have support for the new protocol messages needed for IPv6 support (RFC 2429). * We have upgraded to autoconf 2.52 (or later), and the syntax for specifying certain configuration options have changed. For example, autoconf 2.52 configure scripts let you specify command-line options like "configure CC=/some/path/foo-cc", so we have removed some of our old options like --with-cc in favor of this approach. * The client libraries can now use TCP to connect to the KDC. This may be necessary when talking to Microsoft KDCs (domain controllers), if they issue you tickets with lots of PAC data. * If you have versions of the com_err or ss installed locally, you can use the --with-system-et and --with-system-ss configure options to use them rather than using the versions supplied here. Note that the interfaces are assumed to be similar to those we supply; in particular, some older, divergent versions of the com_err library may not work with the krb5 sources. Many configure-time variables can be used to help the compiler and linker find the installed packages; see the build documentation for details. * The AES cryptosystem has been implemented. However, support in the Kerberos GSSAPI mechanism has not been written (or even fully specified), so it's not fully enabled. See the documentation for details. Major changes listed by ticket ID --------------------------------- *  PRNG breakage on 64-bit platforms no longer an issue due to new PRNG implementation. *  Client library is now compatible with the RC4-based cryptosystem used by Windows 2000. *  krb4 long lifetime support has been implemented. *  krb5_gss_register_acceptor_identity() implemented (is called gsskrb5_register_acceptor_identity() by Heimdal). *  ftpd no longer requires channel bindings, allowing easier use of ftp from behind a NAT. * [1156, 1209] It is now possible to use the system com_err to build this release. *  TCP support added to client library. *  TCP support added to the KDC, but is disabled by default. *  autoconf-2.5x is now required by the build system. *  It is now possible to use the system Berkeley/Sleepycat DB library to build this release. * [1189, 1251] The KfM krb4 library source base has been merged. *  The default KDC master key type is now triple-DES. KDCs being updated may need their config files updated if they are not already specifying the master key type. *  The default ticket lifetime and default maximum renewable ticket lifetime have been extended to one day and one week, respectively. *  A new script, k5srvutil, may be used to manipulate keytabs in ways similar to the krb4 ksrvutil utility. *  The "fakeka" program, which emulates the AFS kaserver, has been integrated. Thanks to Ken Hornstein. *  The KDC now defaults to not answering krb4 requests. *  Addressless tickets are requested by default now. *  There is no longer a need to create a special keytab for kadmind. The legacy administration daemons "kadmind4" and "v5passwdd" will still require a keytab, though. * [1377, 1442, 1443] The Microsoft set-password protocol has been implemented. Thanks to Paul Nelson. * [1385, 1395, 1410] The krb4 protocol vulnerabilities [MITKRB5-SA-2003-004] have been worked around. Note that this will disable krb4 cross-realm functionality, as well as krb4 triple-DES functionality. Please see doc/krb4-xrealm.txt for details of the patch. *  The xdrmem integer overflows [MITKRB5-SA-2003-003] have been fixed. *  The krb5_principal buffer bounds problems [MITKRB5-SA-2003-005] have been fixed. Thanks to Nalin Dahyabhai. *  Subsession key negotiation has been fixed to allow for server-selected subsession keys in the future. * [1418, 1429, 1446, 1484, 1486, 1487, 1535, 1621] The AES cryptosystem has been implemented. It is not usable for GSSAPI, though. *  The client-side functionality of the krb524 library has been moved into the krb5 library. *  SRV record support exists for Kerberos v4. *  The heuristic for locating the Kerberos v4 KDC by prepending "kerberos." to the realm name if no config file or DNS information is available has been removed. * [1568, 1067] A krb524 stub library is built on Windows. Minor changes listed by ticket ID --------------------------------- *  default_principal_flags documented. *  Docs refer to appropriate example domains/IPs now. *  kadmin no longer complains about missing kdc.conf parameters when it really means krb5.conf parameters. *  Run-time load path for tcl is set now when linking test programs. *  --includedir honored now. *  unused argument in try_krb4() in login.c deleted. *  The des_read_pw_string() function in libdes425 has been aligned with the original krb4 and CNS APIs. *  login.krb5 handles SIGHUP more sanely now and thus avoids getting the session into a weird state w.r.t. job control. *  krb4 encrypted rcp should work a little better now. Thanks to Greg Hudson. *  libtelnet/kerberos5.c no longer uses internal include files. *  Weird echoing of admin password in kadmin client worked around by not using buffered stdio calls to read passwords. *  The build system has been reworked to allow the user to set CFLAGS, LDFLAGS, CPPFLAGS, etc. reasonably. *  Related to , rewrite krb5_prompter_posix() to no longer use longjmp(), thus avoiding some bugs relating to non-restoration of terminal settings. *  login.krb5 no longer zeroes out the terminal window size. *  decomp_ticket() in libkrb4 now looks up the local realm name more correctly. Thanks to Booker Bense. *  .rconf files are excluded from the release now. *  LOG_AUTHPRIV syslog facility is now usable for logging on systems that support it. *  krshd now syslogs using the LOG_AUTH facility. *  Berekely DB build is better integrated into the krb5 library build process. *  lib/krb5/os/localaddr.c and kdc/network.c use a common source for local address enumeration now. *  gss-client now correctly deletes the context on error. *  kdc/network.c problems relating to SIOCGIFCONF have been fixed. *  An overflow in the string-to-time conversion routines has been fixed. *  krb524d now handles single-DES session keys other than of type des-cbc-crc. *  des-cbc-md4 now included in default enctypes. *  A minor grammatical error has been fixed in a telnet client error message. *  des3 no longer failing on Windows due to SHA1 implementation problems. *  kdb_init_hist() no longer fails if master_key_enctype is not in supported_enctypes. *  A minor inconsistency in ccache.tex has been fixed. *  option parsing bugs rendered irrelevant by removal of unused gss mechanism. *  make install mentioned in build documentation. *  Related to , problems with the ordering of LDFLAGS initialization rendered irrelevant by use of native autoconf idioms. *  Related to , quirks with --with-cc no longer relevant as AC_PROG_CC is used instead now. *  The kdc_default_options configuration variable is now honored. Thanks to Emily Ratliff. *  Client library, as well as KDC, now perform reasonable sorting of ETYPE-INFO preauthentication data. *  NULL pointer dereferences in code calling krb5_change_password() have been fixed. *  Initial credentials acquisition failures related to client host having a large number of local network interfaces should be fixed now. *  Incorrect option parsing in the gssapi library is no longer relevant due to removal of the "v2" mechanism. * [1065, 1225] krb5_get_init_creds_password() should properly warn about password expiration. *  printf() argument mismatches in rpc unit tests fixed. *  The krb5.conf manpage has been re-synchronized with other documentation. *  gssapi_generic.h should now work with C++. *  The kadm5 ACL system is better documented. *  Some documentation for the setup of cross-realm authentication has been added. *  krb5_auth_con_gen_addrs() now properly returns errno instead of -1 if getpeername() fails. *  Address-less forwardable tickets will remain address-less when forwarded. * [1178, 1228, 1244, 1246, 1249] Test suite has been stabilized somewhat. *  As part of the modernization of our usage of autoconf, AC_CONFIG_FILES is now used instead of passing a list of files to AC_OUTPUT. *  configure will no longer recurse out of the top of the source tree when attempting to locate the top of the source tree. *  Documentation for the krb5 afs functionality of krb524d has been written. *  Example krb5.conf file modified to include all enctypes supported by the release. *  The KDC no longer rejects unrecognized flags. *  krb5_get_init_creds_keytab() no longer does a double-free. *  The ASN.1 code no longer passes (harmless) uninitialized values around. *  libkadm5 now allows for persistent exclusive database locks. *  krb5_read_password() and des_read_password() are now implemented via krb5_prompter_posix(). *  For SAM challenges, omitted optional strings are no longer encoded as zero-length strings. *  Client-side support for SAM hardware-based preauth implemented. *  The keytab search logic no longer fails prematurely if an incorrect encryption type is found. Thanks to Wyllys Ingersoll. *  If the master KDC cannot be resolved, but a slave is reachable, the client library now returns the real error from the slave rather than the resolution failure from the master. Thanks to Ben Cox. *  Assigned numbers for SAM preauth have been corrected. sam-pk-for-sad implementation has been aligned. *  Profile-sharing optimizations from KfM have been merged. *  Windows calling conventions for krb5int_c_combine_keys() have been aligned. *  Build system incompatibilities with Debian's chimeric autoconf installation have been worked around. *  Incorrect sizes passed to memset() in combine_keys() operations have been corrected. *  Client credential lookup now gets new service tickets in preference to attempting to use expired ticketes. Thanks to Ben Cox. * [1262, 1572] Sequence numbers are now unsigned; negative sequence numbers will be accepted for the purposes of backwards compatibility. *  A heuristic for matching the incorrectly encoded sequence numbers emitted by Heimdal implementations has been written. *  kshd accepts connections by IPv6 now. *  kvno manpage title fixed. *  Source files no longer explicitly attempt to declare errno. *  kadmind4 no longer leaves sa_flags uninitialized. *  Expired tickets now cause KfM to pop up a password dialog. *  krb5_send_tgs() no longer leaks the storage associated with the TGS-REQ. *  kadm5_get_either() no longer leaks regexp library memory. *  Output from krb5-config no longer contains spurious uses of $(PURE). *  The KDC no longer logs an inappropriate "no matching key" error when an encrypted timestamp preauth password is incorrect. *  The KDC now returns a clockskew error when the timestamp in the encrypted timestamp preauth is out of bounds, rather than just returning a preauthentcation failure. *  gawk is no longer required for building kerbsrc.zip for the Windows build. *  gss_krb5_ccache_name() no longer attempts to return a pointer to freed memory. *  The filename globbing vulnerability [CERT VU#258721] in the ftp client's handling of filenames beginning with "|" or "-" returned from the "mget" command has been fixed. *  GSS_C_PROT_READY_FLAG is no longer asserted inappropriately during GSSAPI context establishment. *  krb5_gss_accept_sec_context() no longer attempts to validate a null credential if one is passed in. *  The "-a user" option to telnetd now does the right thing. Thanks to Nathan Neulinger. *  ksu no longer inappropriately syslogs to stderr. *  krb__get_srvtab_name() no longer leaks memory. *  GSS_C_NO_CREDENTIAL now accepts any principal in the keytab. *  Handling of SAM preauth no longer attempts to stuff a size_t into an unsigned int. *  BIND versions later than 8 now supported. *  The getaddrinfo() wrapper should work better on AIX. *  If DO_TIME is not set in the auth_context, and no replay cache is available, no replay cache will be used. * [1406, 1108] libdb is no longer installed. If you installed krb5-1.3-alpha1, you should ensure that no spurious libdb is left in your install tree. *  ETYPE_INFO handling no longer goes into an infinite loop. *  libtelnet is now built using the same library build framework as the rest of the tree. *  A minor memory leak in krb5_read_password() has been fixed. *  A memory leak in asn1_decode_kdc_req_body() has been fixed. *  inet_ntop() is now emulated when needed. *  krb5_free_pwd_sequences() now correctly frees the entire sequence of elements. *  errno is no longer explicitly declared. *  kadmind should now return useful errors if an unrecognized version is received in a changepw request. * [1454, 1480, 1517, 1525] The etype-info2 preauth type is now supported. *  (KfM/KLL internal) config file resolution can now be prevented from accessing the user's homedir. *  Preauth handling in the KDC has been reorganized. *  Double-free in client-side preauth code fixed. *  Ticket forwarding when the TGS and the end service have different enctypes should work somewhat better now. *  ASN.1 testsuite memory management has been cleaned up a little to allow for memory leak checking. *  Documentation updated to reflect default krb4 mode. *  RFC-1964 OIDs now provided using the suggested symbolic names. * [1483, 1528] KRB5_DEPRECATED is now false by default on all platforms. *  The KDC will now return integrity errors if a decryption error is responsible for preauthentication failure. *  The autom4te.cache directories are now deleted from the release tarfiles. *  Writable keytabs are registered by default. *  The check for cross-realm TGTs no longer reads past the end of an array. *  The kdc_default_options option is now actually honored. *  The changepw protocol implementation in kadmind now logs password changes. *  Documentation of OS-specific build options has been updated. *  A missing prototype for krb5_db_iterate_ext() has been added. *  An incorrect path to kdc.conf show in the kdc.conf manpage has been fixed. *  verify_as_reply() will only check the "renew-till" time against the "till" time if the RENEWABLE is not set in the request. *  gssftpd no longer uses vfork(), as this was causing problems under RedHat 9. *  SRV records with a value of "." are now interpreted as a lack of support for the protocol. *  The undocumented (and confusing!) kdc_supported_enctypes kdc.conf variable is no longer used. *  Some spurious double-colons in password prompts have been fixed. *  The test suite tries a little harder to get a root shell. *  The KfM build process now sets localstatedir=/var/db. * [1576, 1575] The client library no longer requests RENEWABLE_OK if the renew lifetime is greater than the ticket lifetime. *  A more standard autoconf test to locate the C compiler allows for gcc to be found by default without additional configuration arguments. *  Replay cache filenames are now escaped with hyphens, not backslashes. *  MacOS 9 support removed from in-tree com_err. *  Fixed a memory leak in make_ap_req_v1(). Thanks to Kent Wu. *  Fixed a memory leak in krb5_gss_init_sec_context(), and an uninitialized memory reference in kg_unseal_v1(). Thanks to Kent Wu. *  kerberos-iv SRV records are now documented. *  Fixed AES credential delegation under GSSAPI. *  ms2mit no longer inserts local addresses into tickets converted from the MS ccache if they began as addressless tickets. *  etype_info parser (once again) accepts extra field emitted by Heimdal. *  Some typos in kdc.conf.M have been fixed. *  For consistency, leading spaces before preprocessor directives in profile.h have been removed. Copyright Notice and Legal Administrivia ---------------------------------------- Copyright (C) 1985-2003 by the Massachusetts Institute of Technology. All rights reserved. Export of this software from the United States of America may require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. Furthermore if you modify this software you must label your software as modified software and not distribute it in such a fashion that it might be confused with the original MIT software. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. Individual source code files are copyright MIT, Cygnus Support, OpenVision, Oracle, Sun Soft, FundsXpress, and others. Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira, and Zephyr are trademarks of the Massachusetts Institute of Technology (MIT). No commercial use of these trademarks may be made without prior written permission of MIT. "Commercial use" means use of a name in a product or other for-profit manner. It does NOT prevent a commercial firm from referring to the MIT trademarks in order to convey information (although in doing so, recognition of their trademark status should be given). ---- The following copyright and permission notice applies to the OpenVision Kerberos Administration system located in kadmin/create, kadmin/dbutil, kadmin/passwd, kadmin/server, lib/kadm5, and portions of lib/rpc: Copyright, OpenVision Technologies, Inc., 1996, All Rights Reserved WARNING: Retrieving the OpenVision Kerberos Administration system source code, as described below, indicates your acceptance of the following terms. If you do not agree to the following terms, do not retrieve the OpenVision Kerberos administration system. You may freely use and distribute the Source Code and Object Code compiled from it, with or without modification, but this Source Code is provided to you "AS IS" EXCLUSIVE OF ANY WARRANTY, INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, OR ANY OTHER WARRANTY, WHETHER EXPRESS OR IMPLIED. IN NO EVENT WILL OPENVISION HAVE ANY LIABILITY FOR ANY LOST PROFITS, LOSS OF DATA OR COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, INCLUDING, WITHOUT LIMITATION, THOSE RESULTING FROM THE USE OF THE SOURCE CODE, OR THE FAILURE OF THE SOURCE CODE TO PERFORM, OR FOR ANY OTHER REASON. OpenVision retains all copyrights in the donated Source Code. OpenVision also retains copyright to derivative works of the Source Code, whether created by OpenVision or by a third party. The OpenVision copyright notice must be preserved if derivative works are made based on the donated Source Code. OpenVision Technologies, Inc. has donated this Kerberos Administration system to MIT for inclusion in the standard Kerberos 5 distribution. This donation underscores our commitment to continuing Kerberos technology development and our gratitude for the valuable work which has been performed by MIT and the Kerberos community. ---- Portions contributed by Matt Crawford <firstname.lastname@example.org> were work performed at Fermi National Accelerator Laboratory, which is operated by Universities Research Association, Inc., under contract DE-AC02-76CHO3000 with the U.S. Department of Energy. ---- The implementation of the Yarrow pseudo-random number generator in src/lib/crypto/yarrow has the following copyright: Copyright 2000 by Zero-Knowledge Systems, Inc. Permission to use, copy, modify, distribute, and sell this software and its documentation for any purpose is hereby granted without fee, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of Zero-Knowledge Systems, Inc. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. Zero-Knowledge Systems, Inc. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. ZERO-KNOWLEDGE SYSTEMS, INC. DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL ZERO-KNOWLEDGE SYSTEMS, INC. BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTUOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ---- The implementation of the AES encryption algorithm in src/lib/crypto/aes has the following copyright: Copyright (c) 2001, Dr Brian Gladman <email@example.com>, Worcester, UK. All rights reserved. LICENSE TERMS The free distribution and use of this software in both source and binary form is allowed (with or without changes) provided that: 1. distributions of this source code include the above copyright notice, this list of conditions and the following disclaimer; 2. distributions in binary form include the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other associated materials; 3. the copyright holder's name is not used to endorse products built using this software without specific written permission. DISCLAIMER This software is provided 'as is' with no explcit or implied warranties in respect of any properties, including, but not limited to, correctness and fitness for purpose. Acknowledgements ---------------- Appreciation Time!!!! There are far too many people to try to thank them all; many people have contributed to the development of Kerberos V5. This is only a partial listing.... Thanks to Paul Vixie and the Internet Software Consortium for funding the work of Barry Jaspan. This funding was invaluable for the OV administration server integration, as well as the 1.0 release preparation process. Thanks to John Linn, Scott Foote, and all of the folks at OpenVision Technologies, Inc., who donated their administration server for use in the MIT release of Kerberos. Thanks to Jeff Bigler, Mark Eichin, Marc Horowitz, Nancy Gilman, Ken Raeburn, and all of the folks at Cygnus Support, who provided innumerable bug fixes and portability enhancements to the Kerberos V5 tree. Thanks especially to Jeff Bigler, for the new user and system administrator's documentation. Thanks to Doug Engert from ANL for providing many bug fixes, as well as testing to ensure DCE interoperability. Thanks to Ken Hornstein at NRL for providing many bug fixes and suggestions, and for working on SAM preauthentication. Thanks to Matt Crawford at FNAL for bugfixes and enhancements. Thanks to Sean Mullan and Bill Sommerfeld from Hewlett Packard for their many suggestions and bug fixes. Thanks to Nalin Dahyabhai of RedHat and Chris Evans for locating and providing patches for numerous buffer overruns. Thanks to Christopher Thompson and Marcus Watts for discovering the ftpd security bug. Thanks to Paul Nelson of Thursby Software Systems for implementing the Microsoft set password protocol. Thanks to the members of the Kerberos V5 development team at MIT, both past and present: Danilo Almeida, Jeffrey Altman, Jay Berkenbilt, Richard Basch, Mitch Berger, John Carr, Don Davis, Alexandra Ellwood, Nancy Gilman, Matt Hancher, Sam Hartman, Paul Hill, Marc Horowitz, Eva Jacobus, Miroslav Jurisic, Barry Jaspan, Geoffrey King, John Kohl, Peter Litwack, Scott McGuire, Kevin Mitchell, Cliff Neuman, Paul Park, Ezra Peisach, Chris Provenzano, Ken Raeburn, Jon Rochlis, Jeff Schiller, Jen Selby, Brad Thompson, Harry Tsai, Ted Ts'o, Marshall Vale, Tom Yu.