Added file documenting incompatibility problems with previous versions of

Kerberos.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@3846 dc483132-0cff-0310-8789-dd5450dbe970

1 files changed, 19 insertions, 0 deletions

diff --git a/doc/INCOMPATIBILITY b/doc/INCOMPATIBILITY
new file mode 100644
index 000000000..fdb377e16
--- /dev/null
+++ b/doc/INCOMPATIBILITY
@@ -0,0 +1,19 @@
+Incompatibility notes:
+======================
+
+Currently, all of the MIT implementations of the Kerberos protocol are
+not fully compliant with the Kerberos RFC --- specifically, we do not
+implement the DES w/ MD5 checksum which is required by the RFC.  This
+includes the Beta 4 release, although I expect to have this fixed in a
+patch release as soon as possible.  I believe that we can fix this with
+minimal compatibility impacts; vendors contemplating shipment of this
+code as product should wait for the patch release or contact us for
+futher details.
+
+MIT implementations release Beta 2 and earlier are buggy in that they
+incorrectly generate the ASN.1 for a TGS request message.  This was
+fixed in Beta 3, but the fix causes Beta 2 KDC's to be unable to
+respond to Beta 3 and more recent versions due to a checksum error.
+The Beta 3 KDC contains backwards compatibility code so that Beta 2
+and earlier application programs can continue to work with a Beta 3
+and more recent KDC.