From a2dffdc0a85758bd6f04b1c7766ed0b82c7fe420 Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Wed, 28 May 2003 04:07:45 +0000 Subject: update for krb5-1.3-beta2 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15516 dc483132-0cff-0310-8789-dd5450dbe970 --- README | 70 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 69 insertions(+), 1 deletion(-) diff --git a/README b/README index 72067f829a..60328f0a17 100644 --- a/README +++ b/README @@ -95,6 +95,8 @@ Notes, Major Changes, and Known Bugs for 1.3 can be used to help the compiler and linker find the installed packages; see the build documentation for details. +* The AES cryptosystem has been implemented. + Major changes listed by ticket ID --------------------------------- @@ -123,9 +125,19 @@ Major changes listed by ticket ID * [1189, 1251] The KfM krb4 library source base has been merged. +* [1191] A new script, k5srvutil, may be used to manipulate keytabs in + ways similar to the krb4 ksrvutil utility. + +* [1281] The "fakeka" program, which emulates the AFS kaserver, has + been integrated. Thanks to Ken Hornstein. + * [1377, 1442, 1443] The Microsoft set-password protocol has been implemented. Thanks to Paul Nelson. +* [1372] There is no longer a need to create a special keytab for + kadmind. The legacy administration daemons "kadmind4" and + "v5passwdd" will still require a keytab, though. + * [1385, 1395, 1410] The krb4 protocol vulnerabilities [MITKRB5-SA-2003-004] have been worked around. Note that this will disable krb4 cross-realm functionality, as well as krb4 triple-DES @@ -144,6 +156,9 @@ Major changes listed by ticket ID * [1418, 1429, 1446, 1484, 1486, 1487] The AES cryptosystem has been implemented. It is not usable for GSSAPI, though. +* [1491] The client-side functionality of the krb524 library has been + moved into the krb5 library. + Minor changes listed by ticket ID --------------------------------- @@ -197,6 +212,9 @@ Minor changes listed by ticket ID * [935] des-cbc-md4 now included in default enctypes. +* [939] A minor grammatical error has been fixed in a telnet client + error message. + * [953] des3 no longer failing on Windows due to SHA1 implementation problems. @@ -240,6 +258,9 @@ Minor changes listed by ticket ID * [1164] krb5_auth_con_gen_addrs() now properly returns errno instead of -1 if getpeername() fails. +* [1173] Address-less forwardable tickets will remain address-less + when forwarded. + * [1178, 1228, 1244, 1246, 1249] Test suite has been stabilized somewhat. @@ -250,9 +271,14 @@ Minor changes listed by ticket ID * [1194] configure will no longer recurse out of the top of the source tree when attempting to locate the top of the source tree. +* [1192] Documentation for the krb5 afs functionality of krb524d has + been written. + * [1195] Example krb5.conf file modified to include all enctypes supported by the release. +* [1202] The KDC no longer rejects unrecognized flags. + * [1211] The ASN.1 code no longer passes (harmless) uninitialized values around. @@ -267,6 +293,9 @@ Minor changes listed by ticket ID * [1226] Client-side support for SAM hardware-based preauth implemented. +* [1229] The keytab search logic no longer fails prematurely if an + incorrect encryption type is found. Thanks to Wyllys Ingersoll. + * [1232] If the master KDC cannot be resolved, but a slave is reachable, the client library now returns the real error from the slave rather than the resolution failure from the master. Thanks to @@ -290,6 +319,12 @@ Minor changes listed by ticket ID preference to attempting to use expired ticketes. Thanks to Ben Cox. +* [1262] Sequence numbers are now unsigned; negative sequence numbers + will be accepted for the purposes of backwards compatibility. + +* [1263] A heuristic for matching the incorrectly encoded sequence + numbers emitted by Heimdal implementations has been written. + * [1284] kshd accepts connections by IPv6 now. * [1292] kvno manpage title fixed. @@ -360,7 +395,11 @@ Minor changes listed by ticket ID * [1440] errno is no longer explicitly declared. -* [1454] The etype-info2 preauth type is now supported. +* [1441] kadmind should now return useful errors if an unrecognized + version is received in a changepw request. + +* [1454, 1480, 1517, 1525] The etype-info2 preauth type is now + supported. * [1459] (KfM/KLL internal) config file resolution can now be prevented from accessing the user's homedir. @@ -380,6 +419,27 @@ Minor changes listed by ticket ID * [1482] RFC-1964 OIDs now provided using the suggested symbolic names. +* [1483, 1528] KRB5_DEPRECATED is now false by default on all + platforms. + +* [1488] The KDC will now return integrity errors if a decryption + error is responsible for preauthentication failure. + +* [1492] The autom4te.cache directories are now deleted from the + release tarfiles. + +* [1501] Writable keytabs are registered by default. + +* [1515] The check for cross-realm TGTs no longer reads past the end + of an array. + +* [1518] The kdc_default_options option is now actually honored. + +* [1519] The changepw protocol implementation in kadmind now logs + password changes. + +* [1520] Documentation of OS-specific build options has been updated. + --[ DELETE BEFORE RELEASE ---changes to unreleased code, etc.--- ]-- * [1054] KRB-CRED messages for RC4 are encrypted now. @@ -392,6 +452,8 @@ Minor changes listed by ticket ID * [1223] asn1_decode_oid, asn1_encode_oid implemented +* [1248] RC4 is explicitly excluded from combine_keys. + * [1276] Generated dependencies handle --without-krb4 properly now. * [1384, 1413] Use of autoconf-2.52 in util/reconf will now cause a @@ -410,6 +472,12 @@ Minor changes listed by ticket ID * [1477] compile_et output not used in err_txt.c. +* [1495] KfM now exports string_to_key_with_params. + +* [1512, 1522] afs_string_to_key now works with etype_info2. + +* [1514] krb5int_populate_gic_opt returns void now. + Copyright Notice and Legal Administrivia ---------------------------------------- -- cgit