Date: Fri, 20 Dec 1996 12:32:00 -0500
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
To: kerberos@MIT.EDU, kerberos-announce@MIT.EDU
At long last, the MIT Kerberos Team is proud to announce the
availability of MIT Kerberos V5 Release 1.0. This release includes
everything you need to set up and use Kerberos, including:
* The Kerberos server.
* A full-featured Kerberos administration system, including
support for password policies.
* Secure, encrypting versions of common network utilities:
telnet, rlogin, rsh, rcp, ftp.
* All the libraries needed to integrate Kerberos security into
new applications: GSS-API libraries, Kerberos 5 libraries,
cryptographic algorithms, and more.
This release is available both as source code and as pre-built binary
distributions for a number of Unix platforms. To retrieve either the
source or binary distriubtions, visit our new Kerberos web page:
http://web.mit.edu/kerberos/www/index.html. (See below for
instructions on obtaining the source distribution via FTP.)
Warning: We are providing binary distributions for this release
as a convenience to sites that are interested in experimenting with
Kerberos for the first time, without needing to build it all from
source. However, in general it is a very bad idea to run security
software that you've downloaded from the net, since you have no way of
knowing whether someone has left any "surprises" behind. If you are
going to be using Kerberos V5 in production, we strongly recommend
that you get the Krb5 sources and build the Krb5 distribution
MIT Kerberos V5 1.0 has been tested on at least the following
* Digital Unix (OSF/1) 3.2
* Digital Unix (OSF/1) 4.0
* HPUX 10
* FreeBSD 2.1 (i386)
* Netbsd 1.x (i386, m68k, and sparc)
* Linux 2.x (i386)
* Ultrix 4.2
* Irix 5.3
* AIX 3.2.5
* SunOS 4.1
* Solaris 2.4
* Solaris 2.5.1
The Macintosh port is now fully functional, although the UI still
leaves much to be desired. This will be the focus of future work on
The Windows 16 port is also fully functional, although one major (but
obvious and easy to correct) bug crept in at the last minute. (See
our known bugs web page for more details.) One major difference from
the previous Beta releases is that the DLL has been renamed from
LIBKRB5.DLL to KRB5_16.DLL. This is to avoid conflicts with the a 32
bit version of the Krb5 DLL.
Unfortunately delays with stablizing and integrating the NT release
prevented us from shipping this functionality with the 1.0 release.
We are making available, concurrent with the 1.0 release, an ALPHA
snapshot (release WINNT_ALPHA1_SNAPSHOT). This should not be used in
production, as it has several known problems:
* The GSSAPI test application doesn't work, so the GSSAPI
library has not been tested.
* The GINA doesn't yet work.
* Help files are not yet available
The only working applications for Windows NT are the credentials
manager and a telnet application.
In addition, we are continueing to work on this release on an on-going
basis, so if you plan to be doing any NT work, you should contact us
at email@example.com, so that we can more properly coordinate our work.
NT support will be folded in to the mainline release before the next
Notes and Major Changes since Beta 7
* We are now using the GNATS system to track bug reports for Kerberos
V5. It is therefore helpful for people to use the krb5-send-pr
program when reporting bugs. The old interface of sending mail to
firstname.lastname@example.org will still work; however, bug reports sent in this
fashion may experience a delay in being processed.
* The default keytab name has changed from /etc/v5srvtab to
* login.krb5 no longer defaults to getting krb4 tickets.
* The Windows (win16) DLL, LIBKRB5.DLL, has been renamed to
KRB5_16.DLL. This change was necessary to distinguish it from the
win32 version, which will be named KRB5_32.DLL. Note that the
GSSAPI.DLL file has not been renamed, because this name was specified
in a draft standard for the Windows 16 GSSAPI bindings. (The 32-bit
version of the GSSAPI DLL will be named GSSAPI32.DLL.)
* The directory structure used for installations has changed. In
particular, files previously located in $prefix/lib/krb5kdc are now
normally located in $sysconfdir/krb5kdc. With the normal configure
options, this means the KDC database goes in /usr/local/var/krb5kdc by
default. If you wish to have the old behavior, then you would use a
configure line like the following:
configure --prefix=/usr/local --sysconfdir=/usr/local/lib
* kshd has been modified to accept krb4 encrypted rcp connections; for
this to work, the v4rcp program must be in the bin directory.
Instructions for obtaining the release
Via the WEB:
Go to the MIT Kerberos home page at:
and click on the link: "Getting Kerberos from MIT".
FTP to athena-dist.mit.edu, in /pub/kerberos. Get the file
README.KRB5_R1.0. It will contain instructions on how to
obtain the 1.0 release.
>> Please report any problems/bugs/comments using krb5-send-pr <<
Appreciation Time!!!! There are far too many people to try to thank
them all; many people have contributed to the development of Kerberos
V5. This is only a partial listing....
Thanks to Paul Vixie and the Internet Software Consortium for funding
the work of Barry Jaspan. This funding was invaluable for the OV
administration server integration, as well as the 1.0 release
Thanks to John Linn, Scott Foote, and all of the folks at OpenVision
Technologies, Inc., who donated their administration server for use in
the MIT release of Kerberos.
Thanks to Jeff Bigler, Mark Eichin, Marc Horowitz, Nancy Gilman, Ken
Raeburn, and all of the folks at Cygnus Support, who provided
innumerable bug fixes and portability enhancements to the Kerberos V5
tree. Thanks especially to Jeff Bigler, for the new user and system
Thanks to Doug Engert from ANL for providing many bug fixes, as well
as testing to ensure DCE interoperability.
Thanks to Ken Hornstein at NRL for providing many bug fixes and
Thanks to Sean Mullan and Bill Sommerfeld from Hewlett Packard for
their many suggestions and bug fixes.
Thanks to the members of the Kerberos V5 development team at MIT, both
past and present: Jay Berkenbilt, Richard Basch, John Carr, Don
Davis, Nancy Gilman, Sam Hartman, Marc Horowitz, Barry Jaspan, John
Kohl, Cliff Neuman, Kevin Mitchell, Paul Park, Ezra Peisach, Chris
Provenzano, Jon Rochlis, Jeff Schiller, Harry Tsai, Ted Ts'o, Tom Yu.