Date: Fri, 5 May 1995 20:10:52 +0500
From: Theodore Ts'o <tytso@MIT.EDU>
I am proud to announce the release of Kerberos V5 Beta 5. This release
contains several new features, including:
* The Kerberos Library API has been improved to both simplify
it and make it more suitable for use with shared
libraries. (There are now context variables which are
initialized at the beginning of a program, and passed
to all Kerberos Library functions. This allows us to
avoid the use of static variables inside shared libraries.)
* The Kerberos V4 library is now integrated into the source
tree, to make it easier to provide V4 backwards
* Revamp of the admin servers. For a long time, the Kerberos
Administration server provided by the MIT
implementation has been substandard. We are now
beginning to address this in the Beta 5 release.
The Kerberos Administraton server that had been
donated by Sandia National Labs is now in kadmin.old;
it is provided for backwards compatibility for sites
that had been using this in production.
Unfortunately, the code was very badly written not and
really suitable for long-term maintenance. Thus, we
will be deprecating its use in the future.
The V4 Kadmin server which provides full backwards
compatibility with the V4 kadmin clients provided by
the V4 distribution (and is a full-functioning kadmin
server) is available in the src/kadmin.v4 directory.
A proposed new "standard" for doing password changing,
which has been developed in consultation with
commercial vendors of Kerberos, can be found in the file
doc/kadmin/kpasswd.protocol. It is my intention to
promulgate this as a standard interface for changing
Kerberos V5 passwords. An initial implementation of
this password changing protocol can be found in src/kadmin.
It is currently ALPHA quality, and should not (yet) be
used in production. It will be significantly improved
in further releases.
* A dejagnu test suite has been added to the "make check"
operation. If dejagnu is availble, it will allow you
to perform an overall system validation test on the
Kerberos tree. (The number of tests being performed
at the moment is still relatively small; expect to see
this increase in future releases.)
* DES-MD5 support. With this release, servers will be able to
understand tickets and authenticators using the
DES-MD5 encryption scheme, as required by RFC-1510.
Previous releases only understood the DES-CRC
encryption system. For backwards compatibility
reasons, the KDC will only issue tickets using the
DES-CRC encryption unless the SUPPORT_DES_MD5
attribute is set in the server's Kerberos database
* Updated building and installation documentation.
* Lots of miscellaneous bug fixes and improvements.
* The installation mechanism in the Makefiles is known to be awkward
and incompatible. Currently, binaries are installed into
/krb5/bin... In the future, we will be adopting the GNU
standard mechanism of specifying a prefix directory (by
default /usr/local), and then installing files in /prefix/bin,
/prefix/lib, /prefix/include, /prefix/lib/kdb5, etc.
* Ultimately, the only file which application programs will need to
#include is krb5.h, and this file will be the only header file
which needs to be installed. Unfortunately, krb5.h still
includes the com_err generated include files, so those files
must be installed as well. This will be fixed in a future
* You may see evidence of Mac and Windows ports in the Kerberos V5
source tree. This work is still underway, and is not
guaranteed to build or work.
FTP Instructions: FTP to athena-dist.mit.edu, in /pub/kerberos. Get
the file README.KRB5_BETA5. It will contain instructions on how to
obtain the Beta 5 release.
>> Please report any problems/bugs/comments to 'email@example.com' <<
Appreciation Time!!!! There are far too many people to try to thank
them all; many people have contributed to the development of Kerberos
V5. This is only a partial listing....
Thanks to Mark Eichin at Cygnus for writing the new autoconf
configuration system, for making the code much more portable, and for
serving as pre-release testers.
Thanks to Marc Horowitz, Barry Jaspan, and Jonathan Kamens (and
others) at Openvision, Inc. for providing us with an GSS-API library,
for serving as pre-release testers, and for finding and fixing many
Thanks to Cybersafe for providing patches to fix bugs with inter-realm
Thanks to Ari Medivnsky and Cliff Neuman for writing a ksu client.
Thanks to Jim Miller from Suite Software for contributing many detailed
bug reports, most of them by doing desk checks over the code!
Thanks to Prasad Upasani from ISI for porting the Berkeley
rlogin/rsh/rcp suite and for testing out our distribution on the Sun.
Thanks to Glenn Machin and Bill Wrahe from Sandia National Labs for
contributing the old kadmin server, plus lots of bugfixes.
Thanks to Bill Sommerfeld from HP for commenting on early Kerberos
interface drafts, suggesting improvements in later coding interfaces,
and finding and fixing many bugs.
Thanks to Paul Borman from Cray for writing the Kerberos v4 to v5 glue
layer and the Kerberos v5 subroutines for telnet.
Thanks to Dan Bernstein, for providing the replay cache code.
Thanks to the members of the Kerberos V5 development team at MIT, both
past and present: Jay Berkenbilt, John Carr, Don Davis, Nancy Gilman,
Barry Jaspan, John Kohl, Cliff Neuman, Paul Park, Chris Provenzano,
Jon Rochlis, Jeff Schiller, Ted Ts'o, Tom Yu.
Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira, and
Zephyr are trademarks of the Massachusetts Institute of Technology (MIT). No
commercial use of these trademarks may be made without prior written
permission of MIT.
FYI, "commercial use" means use of a name in a product or other for-profit
manner. It does NOT prevent a commercial firm from referring to the MIT
trademarks in order to convey information (although in doing so, recognition
of their trademark status should be given).