1Release Notes - Heimdal - Version Heimdal 1.5.1 2 3 Bug fixes 4 - Fix building on Solaris, requires c99 5 - Fix building on Windows 6 - Build system updates 7 8Release Notes - Heimdal - Version Heimdal 1.5 9 10New features 11 12 - Support GSS name extensions/attributes 13 - SHA512 support 14 - No Kerberos 4 support 15 - Basic support for MIT Admin protocol (SECGSS flavor) 16 in kadmind (extract keytab) 17 - Replace editline with libedit 18 19Release Notes - Heimdal - Version Heimdal 1.4 20 21 New features 22 23 - Support for reading MIT database file directly 24 - KCM is polished up and now used in production 25 - NTLM first class citizen, credentials stored in KCM 26 - Table driven ASN.1 compiler, smaller!, not enabled by default 27 - Native Windows client support 28 29Notes 30 31 - Disabled write support NDBM hdb backend (read still in there) since 32 it can't handle large records, please migrate to a diffrent backend 33 (like BDB4) 34 35Release Notes - Heimdal - Version Heimdal 1.3.3 36 37 Bug fixes 38 - Check the GSS-API checksum exists before trying to use it [CVE-2010-1321] 39 - Check NULL pointers before dereference them [kdc] 40 41Release Notes - Heimdal - Version Heimdal 1.3.2 42 43 Bug fixes 44 45 - Don't mix length when clearing hmac (could memset too much) 46 - More paranoid underrun checking when decrypting packets 47 - Check the password change requests and refuse to answer empty packets 48 - Build on OpenSolaris 49 - Renumber AD-SIGNED-TICKET since it was stolen from US 50 - Don't cache /dev/*random file descriptor, it doesn't get unloaded 51 - Make C++ safe 52 - Misc warnings 53 54Release Notes - Heimdal - Version Heimdal 1.3.1 55 56 Bug fixes 57 58 - Store KDC offset in credentials 59 - Many many more bug fixes 60 61Release Notes - Heimdal - Version Heimdal 1.3.1 62 63 New features 64 65 - Make work with OpenLDAPs krb5 overlay 66 67Release Notes - Heimdal - Version Heimdal 1.3 68 69 New features 70 71 - Partial support for MIT kadmind rpc protocol in kadmind 72 - Better support for finding keytab entries when using SPN aliases in the KDC 73 - Support BER in ASN.1 library (needed for CMS) 74 - Support decryption in Keychain private keys 75 - Support for new sqlite based credential cache 76 - Try both KDC referals and the common DNS reverse lookup in GSS-API 77 - Fix the KCM to not leak resources on failure 78 - Add IPv6 support to iprop 79 - Support localization of error strings in 80 kinit/klist/kdestroy and Kerberos library 81 - Remove Kerberos 4 support in application (still in KDC) 82 - Deprecate DES 83 - Support i18n password in windows domains (using UTF-8) 84 - More complete API emulation of OpenSSL in hcrypto 85 - Support for ECDSA and ECDH when linking with OpenSSL 86 87 API changes 88 89 - Support for settin friendly name on credential caches 90 - Move to using doxygen to generate documentation. 91 - Sprinkling __attribute__((depricated)) for old function to be removed 92 - Support to export LAST-REQUST information in AS-REQ 93 - Support for client deferrals in in AS-REQ 94 - Add seek support for krb5_storage. 95 - Support for split AS-REQ, first step for IA-KERB 96 - Fix many memory leaks and bugs 97 - Improved regression test 98 - Support krb5_cccol 99 - Switch to krb5_set_error_message 100 - Support krb5_crypto_*_iov 101 - Switch to use EVP for most function 102 - Use SOCK_CLOEXEC and O_CLOEXEC (close on exec) 103 - Add support for GSS_C_DELEG_POLICY_FLAG 104 - Add krb5_cc_[gs]et_config to store data in the credential caches 105 - PTY testing application 106 107Bugfixes 108 - Make building on AIX6 possible. 109 - Bugfixes in LDAP KDC code to make it more stable 110 - Make ipropd-slave reconnect when master down gown 111 112 113Release Notes - Heimdal - Version Heimdal 1.2.1 114 115* Bug 116 117 [HEIMDAL-147] - Heimdal 1.2 not compiling on Solaris 118 [HEIMDAL-151] - Make canned tests work again after cert expired 119 [HEIMDAL-152] - iprop test: use full hostname to avoid realm 120 resolving errors 121 [HEIMDAL-153] - ftp: Use the correct length for unmap, msync 122 123Release Notes - Heimdal - Version Heimdal 1.2 124 125* Bug 126 127 [HEIMDAL-10] - Follow-up on bug report for SEGFAULT in 128 gss_display_name/gss_export_name when using SPNEGO 129 [HEIMDAL-15] - Re: [Heimdal-bugs] potential bug in Heimdal 1.1 130 [HEIMDAL-17] - Remove support for depricated [libdefaults]capath 131 [HEIMDAL-52] - hdb overwrite aliases for db databases 132 [HEIMDAL-54] - Two issues which affect credentials delegation 133 [HEIMDAL-58] - sockbuf.c calls setsockopt with bad args 134 [HEIMDAL-62] - Fix printing of sig_atomic_t 135 [HEIMDAL-87] - heimdal 1.1 not building under cygwin in hcrypto 136 [HEIMDAL-105] - rcp: sync rcp with upstream bsd rcp codebase 137 [HEIMDAL-117] - Use libtool to detect symbol versioning (Debian Bug#453241) 138 139* Improvement 140 [HEIMDAL-67] - Fix locking and store credential in atomic writes 141 in the FILE credential cache 142 [HEIMDAL-106] - make compile on cygwin again 143 [HEIMDAL-107] - Replace old random key generation in des module 144 and use it with RAND_ function instead 145 [HEIMDAL-115] - Better documentation and compatibility in hcrypto 146 in regards to OpenSSL 147 148* New Feature 149 [HEIMDAL-3] - pkinit alg agility PRF test vectors 150 [HEIMDAL-14] - Add libwind to Heimdal 151 [HEIMDAL-16] - Use libwind in hx509 152 [HEIMDAL-55] - Add flag to krb5 to not add GSS-API INT|CONF to 153 the negotiation 154 [HEIMDAL-74] - Add support to report extended error message back 155 in AS-REQ to support windows clients 156 [HEIMDAL-116] - test pty based application (using rkpty) 157 [HEIMDAL-120] - Use new OpenLDAP API (older deprecated) 158 159* Task 160 [HEIMDAL-63] - Dont try key usage KRB5_KU_AP_REQ_AUTH for TGS-REQ. 161 This drop compatibility with pre 0.3d KDCs. 162 [HEIMDAL-64] - kcm: first implementation of kcm-move-cache 163 [HEIMDAL-65] - Failed to compile with --disable-pk-init 164 [HEIMDAL-80] - verify that [VU#162289]: gcc silently discards some 165 wraparound checks doesn't apply to Heimdal 166 167Changes in release 1.1 168 169 * Read-only PKCS11 provider built-in to hx509. 170 171 * Documentation for hx509, hcrypto and ntlm libraries improved. 172 173 * Better compatibilty with Windows 2008 Server pre-releases and Vista. 174 175 * Mac OS X 10.5 support for native credential cache. 176 177 * Provide pkg-config file for Heimdal (heimdal-gssapi.pc). 178 179 * Bug fixes. 180 181Changes in release 1.0.2 182 183* Ubuntu packages. 184 185* Bug fixes. 186 187Changes in release 1.0.1 188 189 * Serveral bug fixes to iprop. 190 191 * Make work on platforms without dlopen. 192 193 * Add RFC3526 modp group14 as default. 194 195 * Handle [kdc] database = { } entries without realm = stanzas. 196 197 * Make krb5_get_renewed_creds work. 198 199 * Make kaserver preauth work again. 200 201 * Bug fixes. 202 203Changes in release 1.0 204 205 * Add gss_pseudo_random() for mechglue and krb5. 206 207 * Make session key for the krbtgt be selected by the best encryption 208 type of the client. 209 210 * Better interoperability with other PK-INIT implementations. 211 212 * Inital support for Mac OS X Keychain for hx509. 213 214 * Alias support for inital ticket requests. 215 216 * Add symbol versioning to selected libraries on platforms that uses 217 GNU link editor: gssapi, hcrypto, heimntlm, hx509, krb5, and libkdc. 218 219 * New version of imath included in hcrypto. 220 221 * Fix memory leaks. 222 223 * Bugs fixes. 224 225Changes in release 0.8.1 226 227 * Make ASN.1 library less paranoid to with regard to NUL in string to 228 make it inter-operate with MIT Kerberos again. 229 230 * Make GSS-API library work again when using gss_acquire_cred 231 232 * Add symbol versioning to libgssapi when using GNU ld. 233 234 * Fix memory leaks 235 236 * Bugs fixes 237 238Changes in release 0.8 239 240 * PK-INIT support. 241 242 * HDB extensions support, used by PK-INIT. 243 244 * New ASN.1 compiler. 245 246 * GSS-API mechglue from FreeBSD. 247 248 * Updated SPNEGO to support RFC4178. 249 250 * Support for Cryptosystem Negotiation Extension (RFC 4537). 251 252 * A new X.509 library (hx509) and related crypto functions. 253 254 * A new ntlm library (heimntlm) and related crypto functions. 255 256 * Updated the built-in crypto library with bignum support using 257 imath, support for RSA and DH and renamed it to libhcrypto. 258 259 * Subsystem in the KDC, digest, that will perform the digest 260 operation in the KDC, currently supports: CHAP, MS-CHAP-V2, SASL 261 DIGEST-MD5 NTLMv1 and NTLMv2. 262 263 * KDC will return the "response too big" error to force TCP retries 264 for large (default 1400 bytes) UDP replies. This is common for 265 PK-INIT requests. 266 267 * Libkafs defaults to use 2b tokens. 268 269 * Default to use the API cache on Mac OS X. 270 271 * krb5_kuserok() also checks ~/.k5login.d directory for acl files, 272 see manpage for krb5_kuserok for description. 273 274 * Many, many, other updates to code and info manual and manual pages. 275 276 * Bug fixes 277 278Changes in release 0.7.2 279 280* Fix security problem in rshd that enable an attacker to overwrite 281 and change ownership of any file that root could write. 282 283* Fix a DOS in telnetd. The attacker could force the server to crash 284 in a NULL de-reference before the user logged in, resulting in inetd 285 turning telnetd off because it forked too fast. 286 287* Make gss_acquire_cred(GSS_C_ACCEPT) check that the requested name 288 exists in the keytab before returning success. This allows servers 289 to check if its even possible to use GSSAPI. 290 291* Fix receiving end of token delegation for GSS-API. It still wrongly 292 uses subkey for sending for compatibility reasons, this will change 293 in 0.8. 294 295* telnetd, login and rshd are now more verbose in logging failed and 296 successful logins. 297 298* Bug fixes 299 300Changes in release 0.7.1 301 302* Bug fixes 303 304Changes in release 0.7 305 306 * Support for KCM, a process based credential cache 307 308 * Support CCAPI credential cache 309 310 * SPNEGO support 311 312 * AES (and the gssapi conterpart, CFX) support 313 314 * Adding new and improve old documentation 315 316 * Bug fixes 317 318Changes in release 0.6.6 319 320* Fix security problem in rshd that enable an attacker to overwrite 321 and change ownership of any file that root could write. 322 323* Fix a DOS in telnetd. The attacker could force the server to crash 324 in a NULL de-reference before the user logged in, resulting in inetd 325 turning telnetd off because it forked too fast. 326 327Changes in release 0.6.5 328 329 * fix vulnerabilities in telnetd 330 331 * unbreak Kerberos 4 and kaserver 332 333Changes in release 0.6.4 334 335 * fix vulnerabilities in telnet 336 337 * rshd: encryption without a separate error socket should now work 338 339 * telnet now uses appdefaults for the encrypt and forward/forwardable 340 settings 341 342 * bug fixes 343 344Changes in release 0.6.3 345 346 * fix vulnerabilities in ftpd 347 348 * support for linux AFS /proc "syscalls" 349 350 * support for RFC3244 (Windows 2000 Kerberos Change/Set Password) in 351 kpasswdd 352 353 * fix possible KDC denial of service 354 355 * bug fixes 356 357Changes in release 0.6.2 358 359 * Fix possible buffer overrun in v4 kadmin (which now defaults to off) 360 361Changes in release 0.6.1 362 363 * Fixed ARCFOUR suppport 364 365 * Cross realm vulnerability 366 367 * kdc: fix denial of service attack 368 369 * kdc: stop clients from renewing tickets into the future 370 371 * bug fixes 372 373Changes in release 0.6 374 375* The DES3 GSS-API mechanism has been changed to inter-operate with 376 other GSSAPI implementations. See man page for gssapi(3) how to turn 377 on generation of correct MIC messages. Next major release of heimdal 378 will generate correct MIC by default. 379 380* More complete GSS-API support 381 382* Better AFS support: kdc (524) supports 2b; 524 in kdc and AFS 383 support in applications no longer requires Kerberos 4 libs 384 385* Kerberos 4 support in kdc defaults to turned off (includes ka and 524) 386 387* other bug fixes 388 389Changes in release 0.5.2 390 391 * kdc: add option for disabling v4 cross-realm (defaults to off) 392 393 * bug fixes 394 395Changes in release 0.5.1 396 397 * kadmind: fix remote exploit 398 399 * kadmind: add option to disable kerberos 4 400 401 * kdc: make sure kaserver token life is positive 402 403 * telnet: use the session key if there is no subkey 404 405 * fix EPSV parsing in ftp 406 407 * other bug fixes 408 409Changes in release 0.5 410 411 * add --detach option to kdc 412 413 * allow setting forward and forwardable option in telnet from 414 .telnetrc, with override from command line 415 416 * accept addresses with or without ports in krb5_rd_cred 417 418 * make it work with modern openssl 419 420 * use our own string2key function even with openssl (that handles weak 421 keys incorrectly) 422 423 * more system-specific requirements in login 424 425 * do not use getlogin() to determine root in su 426 427 * telnet: abort if telnetd does not support encryption 428 429 * update autoconf to 2.53 430 431 * update config.guess, config.sub 432 433 * other bug fixes 434 435Changes in release 0.4e 436 437 * improve libcrypto and database autoconf tests 438 439 * do not care about salting of server principals when serving v4 requests 440 441 * some improvements to gssapi library 442 443 * test for existing compile_et/libcom_err 444 445 * portability fixes 446 447 * bug fixes 448 449Changes in release 0.4d 450 451 * fix some problems when using libcrypto from openssl 452 453 * handle /dev/ptmx `unix98' ptys on Linux 454 455 * add some forgotten man pages 456 457 * rsh: clean-up and add man page 458 459 * fix -A and -a in builtin-ls in tpd 460 461 * fix building problem on Irix 462 463 * make `ktutil get' more efficient 464 465 * bug fixes 466 467Changes in release 0.4c 468 469 * fix buffer overrun in telnetd 470 471 * repair some of the v4 fallback code in kinit 472 473 * add more shared library dependencies 474 475 * simplify and fix hprop handling of v4 databases 476 477 * fix some building problems (osf's sia and osfc2 login) 478 479 * bug fixes 480 481Changes in release 0.4b 482 483 * update the shared library version numbers correctly 484 485Changes in release 0.4a 486 487 * corrected key used for checksum in mk_safe, unfortunately this 488 makes it backwards incompatible 489 490 * update to autoconf 2.50, libtool 1.4 491 492 * re-write dns/config lookups (krb5_krbhst API) 493 494 * make order of using subkeys consistent 495 496 * add man page links 497 498 * add more man pages 499 500 * remove rfc2052 support, now only rfc2782 is supported 501 502 * always build with kaserver protocol support in the KDC (assuming 503 KRB4 is enabled) and support for reading kaserver databases in 504 hprop 505 506Changes in release 0.3f 507 508 * change default keytab to ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab, 509 the new keytab type that tries both of these in order (SRVTAB is 510 also an alias for krb4:) 511 512 * improve error reporting and error handling (error messages should 513 be more detailed and more useful) 514 515 * improve building with openssl 516 517 * add kadmin -K, rcp -F 518 519 * fix two incorrect weak DES keys 520 521 * fix building of kaserver compat in KDC 522 523 * the API is closer to what MIT krb5 is using 524 525 * more compatible with windows 2000 526 527 * removed some memory leaks 528 529 * bug fixes 530 531Changes in release 0.3e 532 533 * rcp program included 534 535 * fix buffer overrun in ftpd 536 537 * handle omitted sequence numbers as zeroes to handle MIT krb5 that 538 cannot generate zero sequence numbers 539 540 * handle v4 /.k files better 541 542 * configure/portability fixes 543 544 * fixes in parsing of options to kadmin (sub-)commands 545 546 * handle errors in kadmin load better 547 548 * bug fixes 549 550Changes in release 0.3d 551 552 * add krb5-config 553 554 * fix a bug in 3des gss-api mechanism, making it compatible with the 555 specification and the MIT implementation 556 557 * make telnetd only allow a specific list of environment variables to 558 stop it from setting `sensitive' variables 559 560 * try to use an existing libdes 561 562 * lib/krb5, kdc: use correct usage type for ap-req messages. This 563 should improve compatability with MIT krb5 when using 3DES 564 encryption types 565 566 * kdc: fix memory allocation problem 567 568 * update config.guess and config.sub 569 570 * lib/roken: more stuff implemented 571 572 * bug fixes and portability enhancements 573 574Changes in release 0.3c 575 576 * lib/krb5: memory caches now support the resolve operation 577 578 * appl/login: set PATH to some sane default 579 580 * kadmind: handle several realms 581 582 * bug fixes (including memory leaks) 583 584Changes in release 0.3b 585 586 * kdc: prefer default-salted keys on v5 requests 587 588 * kdc: lowercase hostnames in v4 mode 589 590 * hprop: handle more types of MIT salts 591 592 * lib/krb5: fix memory leak 593 594 * bug fixes 595 596Changes in release 0.3a: 597 598 * implement arcfour-hmac-md5 to interoperate with W2K 599 600 * modularise the handling of the master key, and allow for other 601 encryption types. This makes it easier to import a database from 602 some other source without having to re-encrypt all keys. 603 604 * allow for better control over which encryption types are created 605 606 * make kinit fallback to v4 if given a v4 KDC 607 608 * make klist work better with v4 and v5, and add some more MIT 609 compatibility options 610 611 * make the kdc listen on the krb524 (4444) port for compatibility 612 with MIT krb5 clients 613 614 * implement more DCE/DFS support, enabled with --enable-dce, see 615 lib/kdfs and appl/dceutils 616 617 * make the sequence numbers work correctly 618 619 * bug fixes 620 621Changes in release 0.2t: 622 623 * bug fixes 624 625Changes in release 0.2s: 626 627 * add OpenLDAP support in hdb 628 629 * login will get v4 tickets when it receives forwarded tickets 630 631 * xnlock supports both v5 and v4 632 633 * repair source routing for telnet 634 635 * fix building problems with krb4 (krb_mk_req) 636 637 * bug fixes 638 639Changes in release 0.2r: 640 641 * fix realloc memory corruption bug in kdc 642 643 * `add --key' and `cpw --key' in kadmin 644 645 * klist supports listing v4 tickets 646 647 * update config.guess and config.sub 648 649 * make v4 -> v5 principal name conversion more robust 650 651 * support for anonymous tickets 652 653 * new man-pages 654 655 * telnetd: do not negotiate KERBEROS5 authentication if there's no keytab. 656 657 * use and set expiration and not password expiration when dumping 658 to/from ka server databases / krb4 databases 659 660 * make the code happier with 64-bit time_t 661 662 * follow RFC2782 and by default do not look for non-underscore SRV names 663 664Changes in release 0.2q: 665 666 * bug fix in tcp-handling in kdc 667 668 * bug fix in expand_hostname 669 670Changes in release 0.2p: 671 672 * bug fix in `kadmin load/merge' 673 674 * bug fix in krb5_parse_address 675 676Changes in release 0.2o: 677 678 * gss_{import,export}_sec_context added to libgssapi 679 680 * new option --addresses to kdc (for listening on an explicit set of 681 addresses) 682 683 * bug fixes in the krb4 and kaserver emulation part of the kdc 684 685 * other bug fixes 686 687Changes in release 0.2n: 688 689 * more robust parsing of dump files in kadmin 690 * changed default timestamp format for log messages to extended ISO 691 8601 format (Y-M-DTH:M:S) 692 * changed md4/md5/sha1 APIes to be de-facto `standard' 693 * always make hostname into lower-case before creating principal 694 * small bits of more MIT-compatability 695 * bug fixes 696 697Changes in release 0.2m: 698 699 * handle glibc's getaddrinfo() that returns several ai_canonname 700 701 * new endian test 702 703 * man pages fixes 704 705Changes in release 0.2l: 706 707 * bug fixes 708 709Changes in release 0.2k: 710 711 * better IPv6 test 712 713 * make struct sockaddr_storage in roken work better on alphas 714 715 * some missing [hn]to[hn]s fixed. 716 717 * allow users to change their own passwords with kadmin (with initial 718 tickets) 719 720 * fix stupid bug in parsing KDC specification 721 722 * add `ktutil change' and `ktutil purge' 723 724Changes in release 0.2j: 725 726 * builds on Irix 727 728 * ftpd works in passive mode 729 730 * should build on cygwin 731 732 * work around broken IPv6-code on OpenBSD 2.6, also add configure 733 option --disable-ipv6 734 735Changes in release 0.2i: 736 737 * use getaddrinfo in the missing places. 738 739 * fix SRV lookup for admin server 740 741 * use get{addr,name}info everywhere. and implement it in terms of 742 getipnodeby{name,addr} (which uses gethostbyname{,2} and 743 gethostbyaddr) 744 745Changes in release 0.2h: 746 747 * fix typo in kx (now compiles) 748 749Changes in release 0.2g: 750 751 * lots of bug fixes: 752 * push works 753 * repair appl/test programs 754 * sockaddr_storage works on solaris (alignment issues) 755 * works better with non-roken getaddrinfo 756 * rsh works 757 * some non standard C constructs removed 758 759Changes in release 0.2f: 760 761 * support SRV records for kpasswd 762 * look for both _kerberos and krb5-realm when doing host -> realm mapping 763 764Changes in release 0.2e: 765 766 * changed copyright notices to remove `advertising'-clause. 767 * get{addr,name}info added to roken and used in the other code 768 (this makes things work much better with hosts with both v4 and v6 769 addresses, among other things) 770 * do pre-auth for both password and key-based get_in_tkt 771 * support for having several databases 772 * new command `del_enctype' in kadmin 773 * strptime (and new strftime) add to roken 774 * more paranoia about finding libdb 775 * bug fixes 776 777Changes in release 0.2d: 778 779 * new configuration option [libdefaults]default_etypes_des 780 * internal ls in ftpd builds without KRB4 781 * kx/rsh/push/pop_debug tries v5 and v4 consistenly 782 * build bug fixes 783 * other bug fixes 784 785Changes in release 0.2c: 786 787 * bug fixes (see ChangeLog's for details) 788 789Changes in release 0.2b: 790 791 * bug fixes 792 * actually bump shared library versions 793 794Changes in release 0.2a: 795 796 * a new program verify_krb5_conf for checking your /etc/krb5.conf 797 * add 3DES keys when changing password 798 * support null keys in database 799 * support multiple local realms 800 * implement a keytab backend for AFS KeyFile's 801 * implement a keytab backend for v4 srvtabs 802 * implement `ktutil copy' 803 * support password quality control in v4 kadmind 804 * improvements in v4 compat kadmind 805 * handle the case of having the correct cred in the ccache but with 806 the wrong encryption type better 807 * v6-ify the remaining programs. 808 * internal ls in ftpd 809 * rename strcpy_truncate/strcat_truncate to strlcpy/strlcat 810 * add `ank --random-password' and `cpw --random-password' in kadmin 811 * some programs and documentation for trying to talk to a W2K KDC 812 * bug fixes 813 814Changes in release 0.1m: 815 816 * support for getting default from krb5.conf for kinit/kf/rsh/telnet. 817 From Miroslav Ruda <ruda@ics.muni.cz> 818 * v6-ify hprop and hpropd 819 * support numeric addresses in krb5_mk_req 820 * shadow support in login and su. From Miroslav Ruda <ruda@ics.muni.cz> 821 * make rsh/rshd IPv6-aware 822 * make the gssapi sample applications better at reporting errors 823 * lots of bug fixes 824 * handle systems with v6-aware libc and non-v6 kernels (like Linux 825 with glibc 2.1) better 826 * hide failure of ERPT in ftp 827 * lots of bug fixes 828 829Changes in release 0.1l: 830 831 * make ftp and ftpd IPv6-aware 832 * add inet_pton to roken 833 * more IPv6-awareness 834 * make mini_inetd v6 aware 835 836Changes in release 0.1k: 837 838 * bump shared libraries versions 839 * add roken version of inet_ntop 840 * merge more changes to rshd 841 842Changes in release 0.1j: 843 844 * restore back to the `old' 3DES code. This was supposed to be done 845 in 0.1h and 0.1i but I did a CVS screw-up. 846 * make telnetd handle v6 connections 847 848Changes in release 0.1i: 849 850 * start using `struct sockaddr_storage' which simplifies the code 851 (with a fallback definition if it's not defined) 852 * bug fixes (including in hprop and kf) 853 * don't use mawk which seems to mishandle roken.awk 854 * get_addrs should be able to handle v6 addresses on Linux (with the 855 required patch to the Linux kernel -- ask within) 856 * rshd builds with shadow passwords 857 858Changes in release 0.1h: 859 860 * kf: new program for forwarding credentials 861 * portability fixes 862 * make forwarding credentials work with MIT code 863 * better conversion of ka database 864 * add etc/services.append 865 * correct `modified by' from kpasswdd 866 * lots of bug fixes 867 868Changes in release 0.1g: 869 870 * kgetcred: new program for explicitly obtaining tickets 871 * configure fixes 872 * krb5-aware kx 873 * bug fixes 874 875Changes in release 0.1f; 876 877 * experimental support for v4 kadmin protokoll in kadmind 878 * bug fixes 879 880Changes in release 0.1e: 881 882 * try to handle old DCE and MIT kdcs 883 * support for older versions of credential cache files and keytabs 884 * postdated tickets work 885 * support for password quality checks in kpasswdd 886 * new flag --enable-kaserver for kdc 887 * renew fixes 888 * prototype su program 889 * updated (some) manpages 890 * support for KDC resource records 891 * should build with --without-krb4 892 * bug fixes 893 894Changes in release 0.1d: 895 896 * Support building with DB2 (uses 1.85-compat API) 897 * Support krb5-realm.DOMAIN in DNS 898 * new `ktutil srvcreate' 899 * v4/kafs support in klist/kdestroy 900 * bug fixes 901 902Changes in release 0.1c: 903 904 * fix ASN.1 encoding of signed integers 905 * somewhat working `ktutil get' 906 * some documentation updates 907 * update to Autoconf 2.13 and Automake 1.4 908 * the usual bug fixes 909 910Changes in release 0.1b: 911 912 * some old -> new crypto conversion utils 913 * bug fixes 914 915Changes in release 0.1a: 916 917 * new crypto code 918 * more bug fixes 919 * make sure we ask for DES keys in gssapi 920 * support signed ints in ASN1 921 * IPv6-bug fixes 922 923Changes in release 0.0u: 924 925 * lots of bug fixes 926 927Changes in release 0.0t: 928 929 * more robust parsing of krb5.conf 930 * include net{read,write} in lib/roken 931 * bug fixes 932 933Changes in release 0.0s: 934 935 * kludges for parsing options to rsh 936 * more robust parsing of krb5.conf 937 * removed some arbitrary limits 938 * bug fixes 939 940Changes in release 0.0r: 941 942 * default options for some programs 943 * bug fixes 944 945Changes in release 0.0q: 946 947 * support for building shared libraries with libtool 948 * bug fixes 949 950Changes in release 0.0p: 951 952 * keytab moved to /etc/krb5.keytab 953 * avoid false detection of IPv6 on Linux 954 * Lots of more functionality in the gssapi-library 955 * hprop can now read ka-server databases 956 * bug fixes 957 958Changes in release 0.0o: 959 960 * FTP with GSSAPI support. 961 * Bug fixes. 962 963Changes in release 0.0n: 964 965 * Incremental database propagation. 966 * Somewhat improved kadmin ui; the stuff in admin is now removed. 967 * Some support for using enctypes instead of keytypes. 968 * Lots of other improvement and bug fixes, see ChangeLog for details. 969