Date: Wed, 30 Sep 92 17:12:29 -0400 From: tytso@Athena.MIT.EDU (Theodore Ts'o) To: kerberos@Athena.MIT.EDU I am pleased to announce the release of the Beta two version of MIT's Kerberos V5 package. This release of Kerberos V5 brings our implementation into full compliance with the current protocol specification of the Kerberos V5 protocol. [1] A large number of things have been changed in this release. The most visible change is that this release is *not* compatible with the Beta 1 distribution; some protocol changes were made to the Kerberos V5 spec after Beta 1 was released. In addition, we took the opportunity to change the file formats of the keytab files (aka srvtab file) and the credentials cache (aka ticket file). The release should represent the last set of non-compatible changes made to KRB V5; we will use version number tags and careful file format changes to assure at least backwards compatibility, should any changes need to be made. This version also supports preauthentication, so that the KDC can pre-validate a AS request before it sends you its response containing the encrypted ticket. This prevents off-line password attacks which are otherwise possible. Each principal has an flag indicating whether or not preauthentication is required; you may choose to set that flag for all your users. One big programming level change that I will mention here is that the definition of krb5_principal has changed. Since there wasn't a good abstraction barrier in place, this caused a lot of code changes. There is now a set of access functions (defined in include/krb5/base-defs.h) which your code should use if you need to look inside of krb5_principal structure. This version does not include the telnet application. This is a temporary thing; the next release will include telnet. There simply just wasn't enough time to merge in our changes and clean up the telnet code. Also, I've currently only released an minimal set of documentation. Given the press of time, there wasn't enough time to update the documentation, and many parts of the documentation were out of date enough to be confusing. A more complete set of documentation will be released shortly. In order to obtain the release, ftp to ATHENA-DIST.MIT.EDU, and cd to /pub/kerberos. Get the file README.KRB5_BETA2. That file will contain instructions for obtaining the rest of the Kerberos V5 distribution. Please send any bugs to krb5-bugs@athena.mit.edu. Whew! It's done and finally out the door; what a relief! I want to extend my thanks to all of you who have been patiently waiting for Beta 2 to be released. It's been a long wait, but I hope it will be worth it. - Ted [1] C. Neumann, J. Kohl, The Kerberos(tm) Network Authentication Service (V5). April, 1992. Currently released as an Internet Draft.