diff options
Diffstat (limited to 'crypto/heimdal/NEWS')
| -rw-r--r-- | crypto/heimdal/NEWS | 596 |
1 files changed, 0 insertions, 596 deletions
diff --git a/crypto/heimdal/NEWS b/crypto/heimdal/NEWS deleted file mode 100644 index 73752077a16b8..0000000000000 --- a/crypto/heimdal/NEWS +++ /dev/null @@ -1,596 +0,0 @@ -Changes in release 0.6 - -* The DES3 GSS-API mechanism has been changed to inter-operate with - other GSSAPI implementations. See man page for gssapi(3) how to turn - on generation of correct MIC messages. Next major release of heimdal - will generate correct MIC by default. - -* More complete GSS-API support - -* Better AFS support: kdc (524) supports 2b; 524 in kdc and AFS - support in applications no longer requires Kerberos 4 libs - -* Kerberos 4 support in kdc defaults to turned off (includes ka and 524) - -* other bug fixes - -Changes in release 0.5.2 - - * kdc: add option for disabling v4 cross-realm (defaults to off) - - * bug fixes - -Changes in release 0.5.1 - - * kadmind: fix remote exploit - - * kadmind: add option to disable kerberos 4 - - * kdc: make sure kaserver token life is positive - - * telnet: use the session key if there is no subkey - - * fix EPSV parsing in ftp - - * other bug fixes - -Changes in release 0.5 - - * add --detach option to kdc - - * allow setting forward and forwardable option in telnet from - .telnetrc, with override from command line - - * accept addresses with or without ports in krb5_rd_cred - - * make it work with modern openssl - - * use our own string2key function even with openssl (that handles weak - keys incorrectly) - - * more system-specific requirements in login - - * do not use getlogin() to determine root in su - - * telnet: abort if telnetd does not support encryption - - * update autoconf to 2.53 - - * update config.guess, config.sub - - * other bug fixes - -Changes in release 0.4e - - * improve libcrypto and database autoconf tests - - * do not care about salting of server principals when serving v4 requests - - * some improvements to gssapi library - - * test for existing compile_et/libcom_err - - * portability fixes - - * bug fixes - -Changes in release 0.4d - - * fix some problems when using libcrypto from openssl - - * handle /dev/ptmx `unix98' ptys on Linux - - * add some forgotten man pages - - * rsh: clean-up and add man page - - * fix -A and -a in builtin-ls in tpd - - * fix building problem on Irix - - * make `ktutil get' more efficient - - * bug fixes - -Changes in release 0.4c - - * fix buffer overrun in telnetd - - * repair some of the v4 fallback code in kinit - - * add more shared library dependencies - - * simplify and fix hprop handling of v4 databases - - * fix some building problems (osf's sia and osfc2 login) - - * bug fixes - -Changes in release 0.4b - - * update the shared library version numbers correctly - -Changes in release 0.4a - - * corrected key used for checksum in mk_safe, unfortunately this - makes it backwards incompatible - - * update to autoconf 2.50, libtool 1.4 - - * re-write dns/config lookups (krb5_krbhst API) - - * make order of using subkeys consistent - - * add man page links - - * add more man pages - - * remove rfc2052 support, now only rfc2782 is supported - - * always build with kaserver protocol support in the KDC (assuming - KRB4 is enabled) and support for reading kaserver databases in - hprop - -Changes in release 0.3f - - * change default keytab to ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab, - the new keytab type that tries both of these in order (SRVTAB is - also an alias for krb4:) - - * improve error reporting and error handling (error messages should - be more detailed and more useful) - - * improve building with openssl - - * add kadmin -K, rcp -F - - * fix two incorrect weak DES keys - - * fix building of kaserver compat in KDC - - * the API is closer to what MIT krb5 is using - - * more compatible with windows 2000 - - * removed some memory leaks - - * bug fixes - -Changes in release 0.3e - - * rcp program included - - * fix buffer overrun in ftpd - - * handle omitted sequence numbers as zeroes to handle MIT krb5 that - cannot generate zero sequence numbers - - * handle v4 /.k files better - - * configure/portability fixes - - * fixes in parsing of options to kadmin (sub-)commands - - * handle errors in kadmin load better - - * bug fixes - -Changes in release 0.3d - - * add krb5-config - - * fix a bug in 3des gss-api mechanism, making it compatible with the - specification and the MIT implementation - - * make telnetd only allow a specific list of environment variables to - stop it from setting `sensitive' variables - - * try to use an existing libdes - - * lib/krb5, kdc: use correct usage type for ap-req messages. This - should improve compatability with MIT krb5 when using 3DES - encryption types - - * kdc: fix memory allocation problem - - * update config.guess and config.sub - - * lib/roken: more stuff implemented - - * bug fixes and portability enhancements - -Changes in release 0.3c - - * lib/krb5: memory caches now support the resolve operation - - * appl/login: set PATH to some sane default - - * kadmind: handle several realms - - * bug fixes (including memory leaks) - -Changes in release 0.3b - - * kdc: prefer default-salted keys on v5 requests - - * kdc: lowercase hostnames in v4 mode - - * hprop: handle more types of MIT salts - - * lib/krb5: fix memory leak - - * bug fixes - -Changes in release 0.3a: - - * implement arcfour-hmac-md5 to interoperate with W2K - - * modularise the handling of the master key, and allow for other - encryption types. This makes it easier to import a database from - some other source without having to re-encrypt all keys. - - * allow for better control over which encryption types are created - - * make kinit fallback to v4 if given a v4 KDC - - * make klist work better with v4 and v5, and add some more MIT - compatibility options - - * make the kdc listen on the krb524 (4444) port for compatibility - with MIT krb5 clients - - * implement more DCE/DFS support, enabled with --enable-dce, see - lib/kdfs and appl/dceutils - - * make the sequence numbers work correctly - - * bug fixes - -Changes in release 0.2t: - - * bug fixes - -Changes in release 0.2s: - - * add OpenLDAP support in hdb - - * login will get v4 tickets when it receives forwarded tickets - - * xnlock supports both v5 and v4 - - * repair source routing for telnet - - * fix building problems with krb4 (krb_mk_req) - - * bug fixes - -Changes in release 0.2r: - - * fix realloc memory corruption bug in kdc - - * `add --key' and `cpw --key' in kadmin - - * klist supports listing v4 tickets - - * update config.guess and config.sub - - * make v4 -> v5 principal name conversion more robust - - * support for anonymous tickets - - * new man-pages - - * telnetd: do not negotiate KERBEROS5 authentication if there's no keytab. - - * use and set expiration and not password expiration when dumping - to/from ka server databases / krb4 databases - - * make the code happier with 64-bit time_t - - * follow RFC2782 and by default do not look for non-underscore SRV names - -Changes in release 0.2q: - - * bug fix in tcp-handling in kdc - - * bug fix in expand_hostname - -Changes in release 0.2p: - - * bug fix in `kadmin load/merge' - - * bug fix in krb5_parse_address - -Changes in release 0.2o: - - * gss_{import,export}_sec_context added to libgssapi - - * new option --addresses to kdc (for listening on an explicit set of - addresses) - - * bug fixes in the krb4 and kaserver emulation part of the kdc - - * other bug fixes - -Changes in release 0.2n: - - * more robust parsing of dump files in kadmin - * changed default timestamp format for log messages to extended ISO - 8601 format (Y-M-DTH:M:S) - * changed md4/md5/sha1 APIes to be de-facto `standard' - * always make hostname into lower-case before creating principal - * small bits of more MIT-compatability - * bug fixes - -Changes in release 0.2m: - - * handle glibc's getaddrinfo() that returns several ai_canonname - - * new endian test - - * man pages fixes - -Changes in release 0.2l: - - * bug fixes - -Changes in release 0.2k: - - * better IPv6 test - - * make struct sockaddr_storage in roken work better on alphas - - * some missing [hn]to[hn]s fixed. - - * allow users to change their own passwords with kadmin (with initial - tickets) - - * fix stupid bug in parsing KDC specification - - * add `ktutil change' and `ktutil purge' - -Changes in release 0.2j: - - * builds on Irix - - * ftpd works in passive mode - - * should build on cygwin - - * work around broken IPv6-code on OpenBSD 2.6, also add configure - option --disable-ipv6 - -Changes in release 0.2i: - - * use getaddrinfo in the missing places. - - * fix SRV lookup for admin server - - * use get{addr,name}info everywhere. and implement it in terms of - getipnodeby{name,addr} (which uses gethostbyname{,2} and - gethostbyaddr) - -Changes in release 0.2h: - - * fix typo in kx (now compiles) - -Changes in release 0.2g: - - * lots of bug fixes: - * push works - * repair appl/test programs - * sockaddr_storage works on solaris (alignment issues) - * works better with non-roken getaddrinfo - * rsh works - * some non standard C constructs removed - -Changes in release 0.2f: - - * support SRV records for kpasswd - * look for both _kerberos and krb5-realm when doing host -> realm mapping - -Changes in release 0.2e: - - * changed copyright notices to remove `advertising'-clause. - * get{addr,name}info added to roken and used in the other code - (this makes things work much better with hosts with both v4 and v6 - addresses, among other things) - * do pre-auth for both password and key-based get_in_tkt - * support for having several databases - * new command `del_enctype' in kadmin - * strptime (and new strftime) add to roken - * more paranoia about finding libdb - * bug fixes - -Changes in release 0.2d: - - * new configuration option [libdefaults]default_etypes_des - * internal ls in ftpd builds without KRB4 - * kx/rsh/push/pop_debug tries v5 and v4 consistenly - * build bug fixes - * other bug fixes - -Changes in release 0.2c: - - * bug fixes (see ChangeLog's for details) - -Changes in release 0.2b: - - * bug fixes - * actually bump shared library versions - -Changes in release 0.2a: - - * a new program verify_krb5_conf for checking your /etc/krb5.conf - * add 3DES keys when changing password - * support null keys in database - * support multiple local realms - * implement a keytab backend for AFS KeyFile's - * implement a keytab backend for v4 srvtabs - * implement `ktutil copy' - * support password quality control in v4 kadmind - * improvements in v4 compat kadmind - * handle the case of having the correct cred in the ccache but with - the wrong encryption type better - * v6-ify the remaining programs. - * internal ls in ftpd - * rename strcpy_truncate/strcat_truncate to strlcpy/strlcat - * add `ank --random-password' and `cpw --random-password' in kadmin - * some programs and documentation for trying to talk to a W2K KDC - * bug fixes - -Changes in release 0.1m: - - * support for getting default from krb5.conf for kinit/kf/rsh/telnet. - From Miroslav Ruda <ruda@ics.muni.cz> - * v6-ify hprop and hpropd - * support numeric addresses in krb5_mk_req - * shadow support in login and su. From Miroslav Ruda <ruda@ics.muni.cz> - * make rsh/rshd IPv6-aware - * make the gssapi sample applications better at reporting errors - * lots of bug fixes - * handle systems with v6-aware libc and non-v6 kernels (like Linux - with glibc 2.1) better - * hide failure of ERPT in ftp - * lots of bug fixes - -Changes in release 0.1l: - - * make ftp and ftpd IPv6-aware - * add inet_pton to roken - * more IPv6-awareness - * make mini_inetd v6 aware - -Changes in release 0.1k: - - * bump shared libraries versions - * add roken version of inet_ntop - * merge more changes to rshd - -Changes in release 0.1j: - - * restore back to the `old' 3DES code. This was supposed to be done - in 0.1h and 0.1i but I did a CVS screw-up. - * make telnetd handle v6 connections - -Changes in release 0.1i: - - * start using `struct sockaddr_storage' which simplifies the code - (with a fallback definition if it's not defined) - * bug fixes (including in hprop and kf) - * don't use mawk which seems to mishandle roken.awk - * get_addrs should be able to handle v6 addresses on Linux (with the - required patch to the Linux kernel -- ask within) - * rshd builds with shadow passwords - -Changes in release 0.1h: - - * kf: new program for forwarding credentials - * portability fixes - * make forwarding credentials work with MIT code - * better conversion of ka database - * add etc/services.append - * correct `modified by' from kpasswdd - * lots of bug fixes - -Changes in release 0.1g: - - * kgetcred: new program for explicitly obtaining tickets - * configure fixes - * krb5-aware kx - * bug fixes - -Changes in release 0.1f; - - * experimental support for v4 kadmin protokoll in kadmind - * bug fixes - -Changes in release 0.1e: - - * try to handle old DCE and MIT kdcs - * support for older versions of credential cache files and keytabs - * postdated tickets work - * support for password quality checks in kpasswdd - * new flag --enable-kaserver for kdc - * renew fixes - * prototype su program - * updated (some) manpages - * support for KDC resource records - * should build with --without-krb4 - * bug fixes - -Changes in release 0.1d: - - * Support building with DB2 (uses 1.85-compat API) - * Support krb5-realm.DOMAIN in DNS - * new `ktutil srvcreate' - * v4/kafs support in klist/kdestroy - * bug fixes - -Changes in release 0.1c: - - * fix ASN.1 encoding of signed integers - * somewhat working `ktutil get' - * some documentation updates - * update to Autoconf 2.13 and Automake 1.4 - * the usual bug fixes - -Changes in release 0.1b: - - * some old -> new crypto conversion utils - * bug fixes - -Changes in release 0.1a: - - * new crypto code - * more bug fixes - * make sure we ask for DES keys in gssapi - * support signed ints in ASN1 - * IPv6-bug fixes - -Changes in release 0.0u: - - * lots of bug fixes - -Changes in release 0.0t: - - * more robust parsing of krb5.conf - * include net{read,write} in lib/roken - * bug fixes - -Changes in release 0.0s: - - * kludges for parsing options to rsh - * more robust parsing of krb5.conf - * removed some arbitrary limits - * bug fixes - -Changes in release 0.0r: - - * default options for some programs - * bug fixes - -Changes in release 0.0q: - - * support for building shared libraries with libtool - * bug fixes - -Changes in release 0.0p: - - * keytab moved to /etc/krb5.keytab - * avoid false detection of IPv6 on Linux - * Lots of more functionality in the gssapi-library - * hprop can now read ka-server databases - * bug fixes - -Changes in release 0.0o: - - * FTP with GSSAPI support. - * Bug fixes. - -Changes in release 0.0n: - - * Incremental database propagation. - * Somewhat improved kadmin ui; the stuff in admin is now removed. - * Some support for using enctypes instead of keytypes. - * Lots of other improvement and bug fixes, see ChangeLog for details. |