Date: Wed, 30 Sep 92 17:12:29 -0400
From: tytso@Athena.MIT.EDU (Theodore Ts'o)
To: kerberos@Athena.MIT.EDU

I am pleased to announce the release of the Beta two version of MIT's
Kerberos V5 package.  This release of Kerberos V5 brings our
implementation into full compliance with the current protocol
specification of the Kerberos V5 protocol.  [1]

A large number of things have been changed in this release.  The most
visible change is that this release is *not* compatible with the Beta
1 distribution; some protocol changes were made to the Kerberos V5
spec after Beta 1 was released.  In addition, we took the opportunity
to change the file formats of the keytab files (aka srvtab file) and
the credentials cache (aka ticket file).  The release should represent
the last set of non-compatible changes made to KRB V5; we will use
version number tags and careful file format changes to assure at least
backwards compatibility, should any changes need to be made.

This version also supports preauthentication, so that the KDC can
pre-validate a AS request before it sends you its response containing
the encrypted ticket.  This prevents off-line password attacks which
are otherwise possible.  Each principal has an flag indicating whether
or not preauthentication is required; you may choose to set that flag
for all your users.

One big programming level change that I will mention here is that the
definition of krb5_principal has changed.  Since there wasn't a good
abstraction barrier in place, this caused a lot of code changes.
There is now a set of access functions (defined in
include/krb5/base-defs.h) which your code should use if you need to
look inside of krb5_principal structure.

This version does not include the telnet application.  This is a
temporary thing; the next release will include telnet.  There simply
just wasn't enough time to merge in our changes and clean up the
telnet code.

Also, I've currently only released an minimal set of documentation.
Given the press of time, there wasn't enough time to update the
documentation, and many parts of the documentation were out of date
enough to be confusing.  A more complete set of documentation will
be released shortly.

In order to obtain the release, ftp to ATHENA-DIST.MIT.EDU, and cd to
/pub/kerberos.  Get the file README.KRB5_BETA2.  That file will
contain instructions for obtaining the rest of the Kerberos V5
distribution.

Please send any bugs to krb5-bugs@athena.mit.edu.

Whew!  It's done and finally out the door; what a relief!  I want to
extend my thanks to all of you who have been patiently waiting for Beta
2 to be released.  It's been a long wait, but I hope it will be worth
it.

						- Ted

[1] C. Neumann, J. Kohl, The Kerberos(tm) Network Authentication
	Service (V5).  April, 1992.  Currently released as an Internet Draft.