Date: Fri, 5 May 1995 20:10:52 +0500
From: Theodore Ts'o <tytso@MIT.EDU>
To: kerberos@MIT.EDU


I am proud to announce the release of Kerberos V5 Beta 5.  This release
contains several new features, including:

	* The Kerberos Library API has been improved to both simplify
		it and make it more suitable for use with shared
		libraries.  (There are now context variables which are
		initialized at the beginning of a program, and passed
		to all Kerberos Library functions.  This allows us to
		avoid the use of static variables inside shared libraries.)

	* The Kerberos V4 library is now integrated into the source
		tree, to make it easier to provide V4 backwards
		compatibility.

	* Revamp of the admin servers.  For a long time, the Kerberos
		Administration server provided by the MIT
		implementation has been substandard.  We are now
		beginning to address this in the Beta 5 release.

		The Kerberos Administraton server that had been
		donated by Sandia National Labs is now in kadmin.old;
		it is provided for backwards compatibility for sites
		that had been using this in production.
		Unfortunately, the code was very badly written not and
		really suitable for long-term maintenance.  Thus, we
		will be deprecating its use in the future.

		The V4 Kadmin server which provides full backwards
		compatibility with the V4 kadmin clients provided by
		the V4 distribution (and is a full-functioning kadmin
		server) is available in the src/kadmin.v4 directory.

		A proposed new "standard" for doing password changing,
		which has been developed in consultation with
		commercial vendors of Kerberos, can be found in the file
		doc/kadmin/kpasswd.protocol.  It is my intention to 
		promulgate this as a standard interface for changing
		Kerberos V5 passwords.  An initial implementation of
		this password changing protocol can be found in src/kadmin.
		It is currently ALPHA quality, and should not (yet) be
		used in production.  It will be significantly improved
		in further releases.

	* A dejagnu test suite has been added to the "make check"
		operation.  If dejagnu is availble, it will allow you
		to perform an overall system validation test on the
		Kerberos tree.  (The number of tests being performed
		at the moment is still relatively small; expect to see
		this increase in future releases.)

	* DES-MD5 support.  With this release, servers will be able to
		understand tickets and authenticators using the
		DES-MD5 encryption scheme, as required by RFC-1510.
		Previous releases only understood the DES-CRC
		encryption system.  For backwards compatibility
		reasons, the KDC will only issue tickets using the
		DES-CRC encryption unless the SUPPORT_DES_MD5
		attribute is set in the server's Kerberos database
		entry.

	* Updated building and installation documentation.

	* Lots of miscellaneous bug fixes and improvements.

KNOWN BUGS
==========

* The installation mechanism in the Makefiles is known to be awkward
	and incompatible.  Currently, binaries are installed into
	/krb5/bin...  In the future, we will be adopting the GNU
	standard mechanism of specifying a prefix directory (by
	default /usr/local), and then installing files in /prefix/bin,
	/prefix/lib, /prefix/include, /prefix/lib/kdb5, etc.

* Ultimately, the only file which application programs will need to
	#include is krb5.h, and this file will be the only header file
	which needs to be installed.  Unfortunately, krb5.h still
	includes the com_err generated include files, so those files
	must be installed as well.  This will be fixed in a future
	release.

* You may see evidence of Mac and Windows ports in the Kerberos V5
	source tree.  This work is still underway, and is not
	guaranteed to build or work.


						- Ted


FTP Instructions:  FTP to athena-dist.mit.edu, in /pub/kerberos.  Get
the file README.KRB5_BETA5.  It will contain instructions on how to
obtain the Beta 5 release.



>>									     <<
>> Please report any problems/bugs/comments to 'krb5-bugs@athena.mit.edu'    <<
>>									     <<



Appreciation Time!!!!  There are far too many people to try to thank
them all; many people have contributed to the development of Kerberos
V5.  This is only a partial listing....  

Thanks to Mark Eichin at Cygnus for writing the new autoconf
configuration system, for making the code much more portable, and for
serving as pre-release testers.

Thanks to Marc Horowitz, Barry Jaspan, and Jonathan Kamens (and
others) at Openvision, Inc. for providing us with an GSS-API library,
for serving as pre-release testers, and for finding and fixing many
bugs.

Thanks to Cybersafe for providing patches to fix bugs with inter-realm
authentication.  

Thanks to Ari Medivnsky and Cliff Neuman for writing a ksu client.

Thanks to Jim Miller from Suite Software for contributing many detailed
bug reports, most of them by doing desk checks over the code!

Thanks to Prasad Upasani from ISI for porting the Berkeley
rlogin/rsh/rcp suite and for testing out our distribution on the Sun.

Thanks to Glenn Machin and Bill Wrahe from Sandia National Labs for
contributing the old kadmin server, plus lots of bugfixes.

Thanks to Bill Sommerfeld from HP for commenting on early Kerberos
interface drafts, suggesting improvements in later coding interfaces,
and finding and fixing many bugs.

Thanks to Paul Borman from Cray for writing the Kerberos v4 to v5 glue
layer and the Kerberos v5 subroutines for telnet.  

Thanks to Dan Bernstein, for providing the replay cache code.  

Thanks to the members of the Kerberos V5 development team at MIT, both
past and present: Jay Berkenbilt, John Carr, Don Davis, Nancy Gilman,
Barry Jaspan, John Kohl, Cliff Neuman, Paul Park, Chris Provenzano,
Jon Rochlis, Jeff Schiller, Ted Ts'o, Tom Yu.


Note:

Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira, and 
Zephyr are trademarks of the Massachusetts Institute of Technology (MIT).  No 
commercial use of these trademarks may be made without prior written 
permission of MIT.
	
FYI, "commercial use" means use of a name in a product or other for-profit 
manner.  It does NOT prevent a commercial firm from referring to the MIT
trademarks in order to convey information (although in doing so, recognition
of their trademark status should be given).