Date: Fri, 5 May 1995 20:10:52 +0500 From: Theodore Ts'o <tytso@MIT.EDU> To: kerberos@MIT.EDU I am proud to announce the release of Kerberos V5 Beta 5. This release contains several new features, including: * The Kerberos Library API has been improved to both simplify it and make it more suitable for use with shared libraries. (There are now context variables which are initialized at the beginning of a program, and passed to all Kerberos Library functions. This allows us to avoid the use of static variables inside shared libraries.) * The Kerberos V4 library is now integrated into the source tree, to make it easier to provide V4 backwards compatibility. * Revamp of the admin servers. For a long time, the Kerberos Administration server provided by the MIT implementation has been substandard. We are now beginning to address this in the Beta 5 release. The Kerberos Administraton server that had been donated by Sandia National Labs is now in kadmin.old; it is provided for backwards compatibility for sites that had been using this in production. Unfortunately, the code was very badly written not and really suitable for long-term maintenance. Thus, we will be deprecating its use in the future. The V4 Kadmin server which provides full backwards compatibility with the V4 kadmin clients provided by the V4 distribution (and is a full-functioning kadmin server) is available in the src/kadmin.v4 directory. A proposed new "standard" for doing password changing, which has been developed in consultation with commercial vendors of Kerberos, can be found in the file doc/kadmin/kpasswd.protocol. It is my intention to promulgate this as a standard interface for changing Kerberos V5 passwords. An initial implementation of this password changing protocol can be found in src/kadmin. It is currently ALPHA quality, and should not (yet) be used in production. It will be significantly improved in further releases. * A dejagnu test suite has been added to the "make check" operation. If dejagnu is availble, it will allow you to perform an overall system validation test on the Kerberos tree. (The number of tests being performed at the moment is still relatively small; expect to see this increase in future releases.) * DES-MD5 support. With this release, servers will be able to understand tickets and authenticators using the DES-MD5 encryption scheme, as required by RFC-1510. Previous releases only understood the DES-CRC encryption system. For backwards compatibility reasons, the KDC will only issue tickets using the DES-CRC encryption unless the SUPPORT_DES_MD5 attribute is set in the server's Kerberos database entry. * Updated building and installation documentation. * Lots of miscellaneous bug fixes and improvements. KNOWN BUGS ========== * The installation mechanism in the Makefiles is known to be awkward and incompatible. Currently, binaries are installed into /krb5/bin... In the future, we will be adopting the GNU standard mechanism of specifying a prefix directory (by default /usr/local), and then installing files in /prefix/bin, /prefix/lib, /prefix/include, /prefix/lib/kdb5, etc. * Ultimately, the only file which application programs will need to #include is krb5.h, and this file will be the only header file which needs to be installed. Unfortunately, krb5.h still includes the com_err generated include files, so those files must be installed as well. This will be fixed in a future release. * You may see evidence of Mac and Windows ports in the Kerberos V5 source tree. This work is still underway, and is not guaranteed to build or work. - Ted FTP Instructions: FTP to athena-dist.mit.edu, in /pub/kerberos. Get the file README.KRB5_BETA5. It will contain instructions on how to obtain the Beta 5 release. >> << >> Please report any problems/bugs/comments to 'krb5-bugs@athena.mit.edu' << >> << Appreciation Time!!!! There are far too many people to try to thank them all; many people have contributed to the development of Kerberos V5. This is only a partial listing.... Thanks to Mark Eichin at Cygnus for writing the new autoconf configuration system, for making the code much more portable, and for serving as pre-release testers. Thanks to Marc Horowitz, Barry Jaspan, and Jonathan Kamens (and others) at Openvision, Inc. for providing us with an GSS-API library, for serving as pre-release testers, and for finding and fixing many bugs. Thanks to Cybersafe for providing patches to fix bugs with inter-realm authentication. Thanks to Ari Medivnsky and Cliff Neuman for writing a ksu client. Thanks to Jim Miller from Suite Software for contributing many detailed bug reports, most of them by doing desk checks over the code! Thanks to Prasad Upasani from ISI for porting the Berkeley rlogin/rsh/rcp suite and for testing out our distribution on the Sun. Thanks to Glenn Machin and Bill Wrahe from Sandia National Labs for contributing the old kadmin server, plus lots of bugfixes. Thanks to Bill Sommerfeld from HP for commenting on early Kerberos interface drafts, suggesting improvements in later coding interfaces, and finding and fixing many bugs. Thanks to Paul Borman from Cray for writing the Kerberos v4 to v5 glue layer and the Kerberos v5 subroutines for telnet. Thanks to Dan Bernstein, for providing the replay cache code. Thanks to the members of the Kerberos V5 development team at MIT, both past and present: Jay Berkenbilt, John Carr, Don Davis, Nancy Gilman, Barry Jaspan, John Kohl, Cliff Neuman, Paul Park, Chris Provenzano, Jon Rochlis, Jeff Schiller, Ted Ts'o, Tom Yu. Note: Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira, and Zephyr are trademarks of the Massachusetts Institute of Technology (MIT). No commercial use of these trademarks may be made without prior written permission of MIT. FYI, "commercial use" means use of a name in a product or other for-profit manner. It does NOT prevent a commercial firm from referring to the MIT trademarks in order to convey information (although in doing so, recognition of their trademark status should be given).