these were the Kerberos Version 5, Release 1.2 Release Notes which are be updated for the next release by The MIT Kerberos Team Unpacking the Source Distribution --------------------------------- The source distribution of Kerberos 5 comes in three gzipped tarfiles, krb5-1.2.src.tar.gz, krb5-1.2.doc.tar.gz, and krb5-1.2.crypto.tar.gz. The krb5-1.2.doc.tar.gz contains the doc/ directory and this README file. The krb5-1.2.src.tar.gz contains the src/ directory and this README file, except for the crypto library sources, which are in krb5-1.2.crypto.tar.gz. Instruction on how to extract the entire distribution follow. These directions assume that you want to extract into a directory called DIST. If you have the GNU tar program and gzip installed, you can simply do: mkdir DIST cd DIST gtar zxpf krb5-1.2.src.tar.gz gtar zxpf krb5-1.2.crypto.tar.gz gtar zxpf krb5-1.2.doc.tar.gz If you don't have GNU tar, you will need to get the FSF gzip distribution and use gzcat: mkdir DIST cd DIST gzcat krb5-1.2.src.tar.gz | tar xpf - gzcat krb5-1.2.crypto.tar.gz | tar xpf - gzcat krb5-1.2.doc.tar.gz | tar xpf - Both of these methods will extract the sources into DIST/krb5-1.2/src and the documentation into DIST/krb5-1.2/doc. Building and Installing Kerberos 5 ---------------------------------- The first file you should look at is doc/install-guide.ps; it contains the notes for building and installing Kerberos 5. The info file krb5-install.info has the same information in info file format. You can view this using the GNU emacs info-mode, or by using the standalone info file viewer from the Free Software Foundation. This is also available as an HTML file, install.html. Other good files to look at are admin-guide.ps and user-guide.ps, which contain the system administrator's guide, and the user's guide, respectively. They are also available as info files kerberos-admin.info and krb5-user.info, respectively. These files are also available as HTML files. If you are attempting to build under Windows, please see the src/windows/README file. Reporting Bugs -------------- Please report any problems/bugs/comments using the krb5-send-pr program. The krb5-send-pr program will be installed in the sbin directory once you have successfully compiled and installed Kerberos V5 (or if you have installed one of our binary distributions). If you are not able to use krb5-send-pr because you haven't been able compile and install Kerberos V5 on any platform, you may send mail to krb5-bugs@mit.edu. Notes, Major Changes, and Known Bugs for 1.3 ------------------------------------ * We now install the compile_et program, so other packages can use the installed com_err library with their own error tables. (If you use our com_err code, that is; see below.) * The header files we install now assume ANSI/ISO C ('89, not '99). We have stopped testing on SunOS 4, even with gcc. Some of our code now has C89-based assumptions, like free(NULL) being well defined, that will probably frustrate any attempts to run this code under SunOS 4 or other pre-C89 systems. * Some new code, bug fixes, and cleanup for IPv6 support. [[TODO: Insert list of (non-)supporting programs and libraries here.]] * We have upgraded to autoconf 2.52 (or later), and the syntax for specifying certain configuration options have changed. For example, autoconf 2.52 configure scripts let you specify command-line options like "configure CC=/some/path/foo-cc", so we have removed some of our old options like --with-cc in favor of this approach. * The client libraries can now use TCP to connect to the KDC. This may be necessary when talking to Microsoft KDCs (domain controllers), if they issue you tickets with lots of PAC data. * If you have versions of the com_err, ss, or Berkeley DB packages installed locally, you can use the --with-system-et, --with-system-ss, and --with-system-db configure options to use them rather than using the versions supplied here. Note that the interfaces are assumed to be similar to those we supply; in particular, some older, divergent versions of the com_err library may not work with the krb5 sources. Many configure-time variables can be used to help the compiler and linker find the installed packages; see the build documentation for details. Notes, Major Changes, and Known Bugs for 1.2, delete before shipping 1.3 ------------------------------------ * Triple DES support, for session keys as well as user or service keys, should be nearly complete in this release. Much of the work that has been needed is generic multiple-cryptosystem support, so the addition of another cryptosystem should be much easier. * GSSAPI support for 3DES has been added. An Internet Draft is being worked on that will describe how this works; it is not currently standardized. Some backwards-compatibility issues in this area mean that enabling 3DES support must be done with caution; service keys that are used for GSSAPI must not be updated to 3DES until the services themselves are upgraded to support 3DES under GSSAPI. * DNS support for locating KDCs is enabled by default. DNS support for looking up the realm of a host is compiled in but disabled by default (due to some concerns with DNS spoofing). We recommend that you publish your KDC information through DNS even if you intend to rely on config files at your own site; otherwise, sites that wish to communicate with you will have to keep their config files updated with your information. One of the goals of this code is to reduce the client-side configuration maintenance requirements as much as is possible, without compromising security. See the administrator's guide for information on setting up DNS information for your realm. One important effect of this for developers is that on many systems, "-lresolv" must be added to the compiler command line when linking Kerberos programs. Configure-time options are available to control the inclusion of the DNS code and the setting of the defaults. Entries in krb5.conf will also modify the behavior if the code has been compiled in. * Numerous buffer-overrun problems have been found and fixed. Many of these were in locations we don't expect can be exploited in any useful way (for example, overrunning a buffer of MAXPATHLEN bytes if a compiled-in pathname is too long, in a program that has no special privileges). It may be possible to exploit a few of these to compromise system security. * Partial support for IPv6 addresses has been added. It can be enabled or disabled at configure time with --enable-ipv6 or --disable-ipv6; by default, the configure script will search for certain types and macros, and enable the IPv6 code if they're found. The IPv6 support at this time mostly consists of including the addresses in credentials. * A protocol change has been made to the "rcmd" suite (rlogin, rsh, rcp) to address several security problems described in Kris Hildrum's paper presented at NDSS 2000. New command-line options have been added to control the selection of protocol, since the revised protocol is not compatible with the old one. * A security problem in login.krb5 has been fixed. This problem was only present if the krb4 compatibility code was not compiled in. * A security problem with ftpd has been fixed. An error in the in the yacc grammar permitted potential root access. * The client programs kinit, klist and kdestroy have been changed to incorporate krb4 support. New command-line options control whether krb4 behavior, krb5 behavior, or both are used. * Patches from Frank Cusack for much better hardware preauth support have been incorporated. * Patches from Matt Crawford extend the kadmin ACL syntax so that restrictions can be imposed on what certain administrators may do to certain accounts. * A KDC on a host with multiple network addresses will now respond to a client from the address that the client used to contact it. The means used to implement this will however cause the KDC not to listen on network addresses configured after the KDC has started. Minor changes ------------- * New software using com_err should use the {add,remove}_error_table interface rather than init_XXX_error_table; in fact, the latter function in the generate C files will now call add_error_table instead of messing with unprotected global variables. Karl Ramm has offered to look into reconciling the various extensions and changes that have been made in different versions of the MIT library, and the API used in the Heimdal equivalent. No timeline is set for this work. * Some source files (including some header files we install) now have annotations for use with the LCLint package from the University of Virginia. LCLint, as of version 2.5q, is not capable of handling much of the Kerberos code in its current form, at least not without significantly restructuring the Kerberos code, but it has been used in limited cases and has uncovered some bugs. We may try adding more annotations in the future. Minor changes for 1.2, delete this section before shipping 1.3 ------------- * The shell code for searching for the Tcl package at configure time has been modified. If a tclConfig.sh can be found, the information it contains is used, otherwise the old searching method is tried. Let us know if this new scheme causes any problems. * Shared library builds may work on HPUX, Rhapsody/MacOS X, and newer Alpha systems now. * The Windows build will now include kvno and gss-sample. * The routine krb5_secure_config_files has been disabled. A new routine, krb5_init_secure_context, has been added in its place. * The routine decode_krb5_ticket is now being exported as krb5_decode_ticket. Any programs that used the old name (which should be few) should be changed to use the new name; we will probably eliminate the old name in the future. * The CCAPI-based credentials cache code has been changed to store the local-clock time of issue and expiration rather than the KDC-clock times. * On systems with large numbers of IP addresses, "kinit" should do a better job of acquiring those addresses to put in the user's credentials. * Several memory leaks in error cases in the gssrpc code have been fixed. * A bug with login clobbering some internal static storage on AIX has been fixed. * Per-library initialization and cleanup functions have been added, for use in configurations that dynamically load and unload these libraries. * Many compile-time warnings have been fixed. * The GSS sample programs have been updated to exercise more of the API. * The telnet server should produce a more meaningful error message if authentication is required but not provided. * Changes have been made to ksu to make it more difficult to use it to leak information the user does not have access to. * The sample config file information for the CYGNUS.COM realm has been updated, and the GNU.ORG realm has been added. * A configure-time option has been added to enable a replay cache in the KDC. We recommend its use when hardware preauthentication is being used. It is enabled by default, and can be disabled if desired with the configure-time option --disable-kdc-replay-cache. * Some new routines have been added to the library and krb5.h. * A new routine has been added to the prompter interface to allow the application to determine which of the strings prompted for is the user's password, in case it is needed for other purposes. * The remote kadmin interface has been enhanced to support the specification of key/salt types for a principal. * New keytab entries' key values can now be specified manually with a new command in the ktutil program. * A longstanding bug where certain krb4 exchanges using the compatibility library between systems with different byte orders would fail half the time has been fixed. * A source file under the GPL has been replaced with an equivalent under the BSD license. The file, strftime.c, was part of one of the OpenVision admin system applications, and was only used on systems that don't have strftime() in their C libraries. * Many bug reports are still outstanding in our database. We are continuing to work on this backlog. Copyright Notice and Legal Administrivia ---------------------------------------- Copyright (C) 1985-2000 by the Massachusetts Institute of Technology. All rights reserved. Export of this software from the United States of America may require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. Furthermore if you modify this software you must label your software as modified software and not distribute it in such a fashion that it might be confused with the original MIT software. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. Individual source code files are copyright MIT, Cygnus Support, OpenVision, Oracle, Sun Soft, FundsXpress, and others. Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira, and Zephyr are trademarks of the Massachusetts Institute of Technology (MIT). No commercial use of these trademarks may be made without prior written permission of MIT. "Commercial use" means use of a name in a product or other for-profit manner. It does NOT prevent a commercial firm from referring to the MIT trademarks in order to convey information (although in doing so, recognition of their trademark status should be given). ---- The following copyright and permission notice applies to the OpenVision Kerberos Administration system located in kadmin/create, kadmin/dbutil, kadmin/passwd, kadmin/server, lib/kadm5, and portions of lib/rpc: Copyright, OpenVision Technologies, Inc., 1996, All Rights Reserved WARNING: Retrieving the OpenVision Kerberos Administration system source code, as described below, indicates your acceptance of the following terms. If you do not agree to the following terms, do not retrieve the OpenVision Kerberos administration system. You may freely use and distribute the Source Code and Object Code compiled from it, with or without modification, but this Source Code is provided to you "AS IS" EXCLUSIVE OF ANY WARRANTY, INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, OR ANY OTHER WARRANTY, WHETHER EXPRESS OR IMPLIED. IN NO EVENT WILL OPENVISION HAVE ANY LIABILITY FOR ANY LOST PROFITS, LOSS OF DATA OR COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, INCLUDING, WITHOUT LIMITATION, THOSE RESULTING FROM THE USE OF THE SOURCE CODE, OR THE FAILURE OF THE SOURCE CODE TO PERFORM, OR FOR ANY OTHER REASON. OpenVision retains all copyrights in the donated Source Code. OpenVision also retains copyright to derivative works of the Source Code, whether created by OpenVision or by a third party. The OpenVision copyright notice must be preserved if derivative works are made based on the donated Source Code. OpenVision Technologies, Inc. has donated this Kerberos Administration system to MIT for inclusion in the standard Kerberos 5 distribution. This donation underscores our commitment to continuing Kerberos technology development and our gratitude for the valuable work which has been performed by MIT and the Kerberos community. ---- Portions contributed by Matt Crawford were work performed at Fermi National Accelerator Laboratory, which is operated by Universities Research Association, Inc., under contract DE-AC02-76CHO3000 with the U.S. Department of Energy. ---- The implementation of the Yarrow pseudo-random number generator in src/lib/crypto/yarrow has the following copyright: Copyright 2000 by Zero-Knowledge Systems, Inc. Permission to use, copy, modify, distribute, and sell this software and its documentation for any purpose is hereby granted without fee, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of Zero-Knowledge Systems, Inc. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. Zero-Knowledge Systems, Inc. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. ZERO-KNOWLEDGE SYSTEMS, INC. DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL ZERO-KNOWLEDGE SYSTEMS, INC. BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTUOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ---- The implementation of the AES encryption algorithm in src/lib/crypto/aes has the following copyright: Copyright (c) 2001, Dr Brian Gladman , Worcester, UK. All rights reserved. LICENSE TERMS The free distribution and use of this software in both source and binary form is allowed (with or without changes) provided that: 1. distributions of this source code include the above copyright notice, this list of conditions and the following disclaimer; 2. distributions in binary form include the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other associated materials; 3. the copyright holder's name is not used to endorse products built using this software without specific written permission. DISCLAIMER This software is provided 'as is' with no explcit or implied warranties in respect of any properties, including, but not limited to, correctness and fitness for purpose. Acknowledgements ---------------- Appreciation Time!!!! There are far too many people to try to thank them all; many people have contributed to the development of Kerberos V5. This is only a partial listing.... Thanks to Paul Vixie and the Internet Software Consortium for funding the work of Barry Jaspan. This funding was invaluable for the OV administration server integration, as well as the 1.0 release preparation process. Thanks to John Linn, Scott Foote, and all of the folks at OpenVision Technologies, Inc., who donated their administration server for use in the MIT release of Kerberos. Thanks to Jeff Bigler, Mark Eichin, Marc Horowitz, Nancy Gilman, Ken Raeburn, and all of the folks at Cygnus Support, who provided innumerable bug fixes and portability enhancements to the Kerberos V5 tree. Thanks especially to Jeff Bigler, for the new user and system administrator's documentation. Thanks to Doug Engert from ANL for providing many bug fixes, as well as testing to ensure DCE interoperability. Thanks to Ken Hornstein at NRL for providing many bug fixes and suggestions. Thanks to Matt Crawford at FNAL for bugfixes and enhancements. Thanks to Sean Mullan and Bill Sommerfeld from Hewlett Packard for their many suggestions and bug fixes. Thanks to Nalin Dahyabhai of RedHat and Chris Evans for locating and providing patches for numerous buffer overruns. Thanks to Christopher Thompson and Marcus Watts for discovering the ftpd security bug. Thanks to the members of the Kerberos V5 development team at MIT, both past and present: Danilo Almeida, Jay Berkenbilt, Richard Basch, John Carr, Don Davis, Alexandra Ellwood, Nancy Gilman, Matt Hancher, Sam Hartman, Paul Hill, Marc Horowitz, Eva Jacobus, Miroslav Jurisic, Barry Jaspan, Geoffrey King, John Kohl, Peter Litwack, Scott McGuire, Kevin Mitchell, Cliff Neuman, Paul Park, Ezra Peisach, Chris Provenzano, Ken Raeburn, Jon Rochlis, Jeff Schiller, Brad Thompson, Harry Tsai, Ted Ts'o, Marshall Vale, Tom Yu.