From bcn@ATHENA.MIT.EDU Tue Aug 19 21:57:25 1986 From: Clifford Neuman <bcn@ATHENA.MIT.EDU> Date: Tue, 19 Aug 86 19:53:53 EDT To: geer Subject: New release Cc: asp, kerberos There is a new version of kerberos available for friendly testers and others who want it. It can be found in ~auth/src/kerberos.tar on menelaus. As before, to use it, untar this file where you want the new kerberos directory to go. The tar file will create the directory for you. If you already have a local kerberos directory, delete it, or move it before untaring the new release. Once untared, set the symbolic link "/krb" to point to the new directory. If you are on a workstation and don't want the .a or .h files, feel free to delete them. It will give you back considerable space. WARNING: if you run the old version of kinit you must use the old verions of rlogin, rcp, etc, and vice versa. Using different versions of these commands will result in a segmentation fault because of (infinite recursion). The new release provides the following: krb.conf This file specifies your local realm on the first line and the kerbeors servers for various realms on the following lines. Warning: If not hosts are specified for the default realm, kinit will time out real fast as it "retries each of them" multiple times. kinit no longer prints a message except for failures, or if you specify the "-c" (confirmation) flag. It also allows you specify a realm with the "-r" flag. This only works if you have hosts listed in /etc/krb.conf for that realm. kinit will also now try multiple kerberos servers if more than one has been specified in /krb.conf. kdestroy has a "-q" (quiet) and a "-f" (force) option. The quiet option suppresses printing ^Gs wheras the force option keeps it from printing anything. Also, thanks to wesommer, kdestroy no zeroes the ticket file before unlinking it. klogind Assorted bug fixes. kshd rlogin rcp rsh ----- realms Are now supported. You should not hardcode realm names when using kerberos. You can, instead, use the routine krb_getrlm(s,1) to write the current realm (from krb.conf) into the string pointed to by s. The length of this string should be REALM_SZ. prot v4 The initial exchange of tickets now uses protocol version 4. This limits the number of tickets requested to 1. The change will alow the kerberos server to be more resistant to errors since the lentgh of its response is now bounded. The increment in ther version number effects other exchanges as well. Version three will be phased out and no longer supported sometome around the 27th.