From bf302784f8740558a698070bce3418d6f3c66b7d Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Mon, 9 Jun 2003 22:40:08 +0000 Subject: update for krb5-1.3-beta3 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15605 dc483132-0cff-0310-8789-dd5450dbe970 --- README | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 70 insertions(+), 8 deletions(-) (limited to 'README') diff --git a/README b/README index e146d15f39..3cecfda922 100644 --- a/README +++ b/README @@ -164,16 +164,20 @@ Major changes listed by ticket ID * [1415] Subsession key negotiation has been fixed to allow for server-selected subsession keys in the future. -* [1418, 1429, 1446, 1484, 1486, 1487] The AES cryptosystem has been - implemented. It is not usable for GSSAPI, though. +* [1418, 1429, 1446, 1484, 1486, 1487, 1535] The AES cryptosystem has + been implemented. It is not usable for GSSAPI, though. * [1491] The client-side functionality of the krb524 library has been moved into the krb5 library. +* [1550] SRV record support exists for Kerberos v4. + * [1551] The heuristic for locating the Kerberos v4 KDC by prepending "kerberos." to the realm name if no config file or DNS information is available has been removed. +* [1568, 1067] A krb524 stub library is built on Windows. + Minor changes listed by ticket ID --------------------------------- @@ -181,10 +185,16 @@ Minor changes listed by ticket ID * [175] Docs refer to appropriate example domains/IPs now. -* [433] --includedir honored now. +* [299] kadmin no longer complains about missing kdc.conf parameters + when it really means krb5.conf parameters. + +* [443] --includedir honored now. * [479] unused argument in try_krb4() in login.c deleted. +* [590] The des_read_pw_string() function in libdes425 has been + aligned with the original krb4 and CNS APIs. + * [608] login.krb5 handles SIGHUP more sanely now and thus avoids getting the session into a weird state w.r.t. job control. @@ -257,8 +267,8 @@ Minor changes listed by ticket ID host having a large number of local network interfaces should be fixed now. -* [1064] krb5_auth_con_genaddrs() no longer inappropriately returns -1 - on some error cases. +* [1064] Incorrect option parsing in the gssapi library is no longer + relevant due to removal of the "v2" mechanism. * [1065, 1225] krb5_get_init_creds_password() should properly warn about password expiration. @@ -270,6 +280,9 @@ Minor changes listed by ticket ID * [1102] gssapi_generic.h should now work with C++. +* [1136] Some documentation for the setup of cross-realm + authentication has been added. + * [1164] krb5_auth_con_gen_addrs() now properly returns errno instead of -1 if getpeername() fails. @@ -334,8 +347,9 @@ Minor changes listed by ticket ID preference to attempting to use expired ticketes. Thanks to Ben Cox. -* [1262] Sequence numbers are now unsigned; negative sequence numbers - will be accepted for the purposes of backwards compatibility. +* [1262, 1572] Sequence numbers are now unsigned; negative sequence + numbers will be accepted for the purposes of backwards + compatibility. * [1263] A heuristic for matching the incorrectly encoded sequence numbers emitted by Heimdal implementations has been written. @@ -390,7 +404,7 @@ Minor changes listed by ticket ID * [1400] If DO_TIME is not set in the auth_context, and no replay cache is available, no replay cache will be used. -* [1406] libdb is no longer installed. If you installed +* [1406, 1108] libdb is no longer installed. If you installed krb5-1.3-alpha1, you should ensure that no spurious libdb is left in your install tree. @@ -455,6 +469,34 @@ Minor changes listed by ticket ID * [1520] Documentation of OS-specific build options has been updated. +* [1536] A missing prototype for krb5_db_iterate_ext() has been + added. + +* [1537] An incorrect path to kdc.conf show in the kdc.conf manpage + has been fixed. + +* [1540] verify_as_reply() will only check the "renew-till" time + against the "till" time if the RENEWABLE is not set in the request. + +* [1547] gssftpd no longer uses vfork(), as this was causing problems + under RedHat 9. + +* [1549] SRV records with a value of "." are now interpreted as a lack + of support for the protocol. + +* [1553] The undocumented (and confusing!) kdc_supported_enctypes + kdc.conf variable is no longer used. + +* [1560] Some spurious double-colons in password prompts have been + fixed. + +* [1571] The test suite tries a little harder to get a root shell. + +* [1573] The KfM build process now sets localstatedir=/var/db. + +* [1576, 1575] The client library no longer requests RENEWABLE_OK if + the renew lifetime is greater than the ticket lifetime. + --[ DELETE BEFORE RELEASE ---changes to unreleased code, etc.--- ]-- * [1054] KRB-CRED messages for RC4 are encrypted now. @@ -493,6 +535,26 @@ Minor changes listed by ticket ID * [1514] krb5int_populate_gic_opt returns void now. +* [1521] Using an afs3 salt for an AES key no longer causes + segfaults. + +* [1533] krb524.h no longer contains invalid Mac pragmas. + +* [1546] krb_mk_req_creds() no longer zeros the session key. + +* [1554] The krb4 string-to-key iteration now accounts correctly for + the decrypt-in-place semantics of libdes425. + +* [1557] KerberosLoginPrivate.h is now correctly included for the use + of __KLAllowHomeDirectoryAccess() in init_os_ctx.c (for KfM). + +* [1558] KfM exports the new krb524 interface. + +* [1563] krb__get_srvtaname() no longer returns a pointer that is + free()d upon a subsequent call. + +* [1569] A debug statement has been removed from krb524init. + Copyright Notice and Legal Administrivia ---------------------------------------- -- cgit