From 97774f52b594fb9fa6bbba94076fb04b5c9a8cfd Mon Sep 17 00:00:00 2001 From: Ken Raeburn Date: Thu, 2 Sep 1999 21:53:16 +0000 Subject: updated with 1.1 info, but made clearly distinct from 1.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11783 dc483132-0cff-0310-8789-dd5450dbe970 --- README | 153 ++++++++++++++++++++++++----------------------------------------- 1 file changed, 55 insertions(+), 98 deletions(-) diff --git a/README b/README index 43e70c9387..35d4b55c1d 100644 --- a/README +++ b/README @@ -1,18 +1,19 @@ - Kerberos Version 5, Release 1.0 +these were the + Kerberos Version 5, Release 1.1 Release Notes - +which will be updated before the next release by The MIT Kerberos Team Unpacking the Source Distribution --------------------------------- The source distribution of Kerberos 5 comes in three gzipped tarfiles, -krb5-1.0.src.tar.gz, krb5-1.0.doc.tar.gz, and krb5-1.0.crypto.tar.gz. -The krb5-1.0.doc.tar.gz contains the doc/ directory and this README -file. The krb5-1.0.src.tar.gz contains the src/ directory and this +krb5-1.1.src.tar.gz, krb5-1.1.doc.tar.gz, and krb5-1.1.crypto.tar.gz. +The krb5-1.1.doc.tar.gz contains the doc/ directory and this README +file. The krb5-1.1.src.tar.gz contains the src/ directory and this README file, except for the crypto library sources, which are in -krb5-1.0.crypto.tar.gz. +krb5-1.1.crypto.tar.gz. Instruction on how to extract the entire distribution follow. These directions assume that you want to extract into a directory called @@ -22,56 +23,21 @@ If you have the GNU tar program and gzip installed, you can simply do: mkdir DIST cd DIST - gtar zxpf krb5-1.0.src.tar.gz - gtar zxpf krb5-1.0.crypto.tar.gz - gtar zxpf krb5-1.0.doc.tar.gz + gtar zxpf krb5-1.1.src.tar.gz + gtar zxpf krb5-1.1.crypto.tar.gz + gtar zxpf krb5-1.1.doc.tar.gz If you don't have GNU tar, you will need to get the FSF gzip distribution and use gzcat: mkdir DIST cd DIST - gzcat krb5-1.0.src.tar.gz | tar xpf - - gzcat krb5-1.0.crypto.tar.gz | tar xpf - - gzcat krb5-1.0.doc.tar.gz | tar xpf - - -Both of these methods will extract the sources into DIST/krb5-1.0/src -and the documentation into DIST/krb5-1.0/doc. - -Unpacking the Binary Distribution ---------------------------------- - -Binary distributions of Kerberos V5 are provided merely as convenience -to those people who wish to try out Kerberos V5 without needing to do -a full compile of Kerberos. - -MIT and the MIT Kerberos V5 development team make no guarantees that -we will continue to supply binary distributions for future releases of -Kerberos V5, or for any operating system/platform in particular. -These binary distributions have been prepared by members of the MIT -Kerberos V5 development team, or by volunteers who have graciously -agreed to test the pre-release snapshot. Each binary build is PGP -signed by the person who prepared the binary distribution for that -particular platform. - -While the binary distribution is *supposed* to correspond exactly to -the 1.0 Kerberos V5 source release, you have no way of knowing whether -the person who prepared the binary release might have inserted a -trojan horse, or a trapdoor. For all you know, the binary -distribution might be mailing all of your Kerberos keys to -kremvax!boris. (The same is true for the source distribution, but at -least you can audit the code yourself!) - -For this reason, if you are planning on using Kerberos V5 in -production, we strongly suggest that you obtain the source -distribution and compile it from source yourself. - -The binary distributions have been compiled so that they will install -in /usr/local. To install, su to root and and type the command: - - cd /usr/local - gunzip < /tmp/krb5-1.0..tar.gz | tar xvf - + gzcat krb5-1.1.src.tar.gz | tar xpf - + gzcat krb5-1.1.crypto.tar.gz | tar xpf - + gzcat krb5-1.1.doc.tar.gz | tar xpf - +Both of these methods will extract the sources into DIST/krb5-1.1/src +and the documentation into DIST/krb5-1.1/doc. Building and Installing Kerberos 5 ---------------------------------- @@ -99,54 +65,43 @@ If you are not able to use krb5-send-pr because you haven't been able compile and install Kerberos V5 on any platform, you may send mail to krb5-bugs@mit.edu. -Notes and Major Changes ------------------------ - -* We are now using the GNATS system to track bug reports for Kerberos -V5. It is therefore helpful for people to use the krb5-send-pr -program when reporting bugs. The old interface of sending mail to -krb5-bugs@mit.edu will still work; however, bug reports sent in this -fashion may experience a delay in being processed. - -* The default keytab name has changed from /etc/v5srvtab to -/etc/krb5.keytab. - -* login.krb5 no longer defaults to getting krb4 tickets. - -* The Windows (win16) DLL, LIBKRB5.DLL, has been renamed to -KRB5_16.DLL. This change was necessary to distinguish it from the -win32 version, which will be named KRB5_32.DLL. Note that the -GSSAPI.DLL file has not been renamed, because this name was specified -in a draft standard for the Windows 16 GSSAPI bindings. (The 32-bit -version of the GSSAPI DLL will be named GSSAPI32.DLL.) - -* The directory structure used for installations has changed. In -particular, files previously located in $prefix/lib/krb5kdc are now -normally located in $sysconfdir/krb5kdc. With the normal configure -options, this means the KDC database goes in /usr/local/var/krb5kdc by -default. If you wish to have the old behavior, then you would use a -configure line like the following: - - configure --prefix=/usr/local --sysconfdir=/usr/local/lib - -* kshd has been modified to accept krb4 encrypted rcp connections; for -this to work, the v4rcp program must be in the bin directory. - -* The gssrpc library has symbol collisions with the rpc library in -some of the libcs in certain operating systems without shared -libraries, notably some ports of NetBSD and MkLinux. For those -platforms which have rpc in libc and also contain NIS in libc, -compiling with static libraries will not work because of this -conflict. NetBSD users can either upgrade to the current tree, which -includes shared libraries for more ports, choose not to build kadmind -or kadmin, or recompile NetBSD without NIS support. MkLinux users -must either recompile without NIS or not build the administration -system. +Notes, Major Changes, and Known Bugs +------------------------------------ + +* Triple DES support is included; however, it is only usable for + service keys at the moment, due to a large number of compatibility + issues. For example, the GSSAPI library has some (buggy) support + for a triple DES session key, but it is intentionally disabled. + More here later. + +* The lib/rpc tests do not appear to work under NetBSD-1.4, for + reasons that are not completely clear at the moment, but probably + have something to do with portmapper interfacing. This should not + affect other operations, such as kadmind operation. + +* Shared library builds are under a new framework; at this point only + Solaris, Irix, NetBSD, and possibly Linux are known to work. All + other working shared library builds may be figments of your + imagination. + +* Many existing databases, especially those converted from krb4 + original databases, may contain expiration dates in 1999. You + should make sure to update these expiration dates, and also change + any config file entries that have two-digit years. + +* Not all reported bugs have been fixed in this release, due to time + constraints. We are planning to make another release in the near + future with more complete triple DES support, and additional + bugfixes. Many of the bugs in our database are reported against + what is now quite old code, or require hardware that we do not have, + which make them difficult to reproduce and debug. We will work on + these older bugs and some externally submitted patches for the + following release. Copyright Notice and Legal Administrivia ---------------------------------------- -Copyright (C) 1996 by the Massachusetts Institute of Technology. +Copyright (C) 1985-1999 by the Massachusetts Institute of Technology. All rights reserved. @@ -171,7 +126,7 @@ IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. Individual source code files are copyright MIT, Cygnus Support, -OpenVision, Oracle, Sun Soft, and others. +OpenVision, Oracle, Sun Soft, FundsXpress, and others. Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira, and Zephyr are trademarks of the Massachusetts Institute of Technology @@ -253,7 +208,9 @@ Thanks to Sean Mullan and Bill Sommerfeld from Hewlett Packard for their many suggestions and bug fixes. Thanks to the members of the Kerberos V5 development team at MIT, both -past and present: Jay Berkenbilt, Richard Basch, John Carr, Don -Davis, Nancy Gilman, Sam Hartman, Marc Horowitz, Barry Jaspan, John -Kohl, Cliff Neuman, Kevin Mitchell, Paul Park, Ezra Peisach, Chris -Provenzano, Jon Rochlis, Jeff Schiller, Harry Tsai, Ted Ts'o, Tom Yu. +past and present: Danillo Almeida, Jay Berkenbilt, Richard Basch, John +Carr, Don Davis, Alexis Ellwood, Nancy Gilman, Matt Hancher, Sam +Hartman, Paul Hill, Marc Horowitz, Eva Jacobus, Barry Jaspan, Geoffrey +King, John Kohl, Scott McGuire, Kevin Mitchell, Cliff Neuman, Paul +Park, Ezra Peisach, Chris Provenzano, Ken Raeburn, Jon Rochlis, Jeff +Schiller, Harry Tsai, Ted Ts'o, Marshall Vale, Tom Yu. -- cgit