Date: Fri, 20 Dec 1996 12:32:00 -0500 From: "Theodore Y. Ts'o" <tytso@MIT.EDU> To: kerberos@MIT.EDU, kerberos-announce@MIT.EDU At long last, the MIT Kerberos Team is proud to announce the availability of MIT Kerberos V5 Release 1.0. This release includes everything you need to set up and use Kerberos, including: * The Kerberos server. * A full-featured Kerberos administration system, including support for password policies. * Secure, encrypting versions of common network utilities: telnet, rlogin, rsh, rcp, ftp. * All the libraries needed to integrate Kerberos security into new applications: GSS-API libraries, Kerberos 5 libraries, cryptographic algorithms, and more. This release is available both as source code and as pre-built binary distributions for a number of Unix platforms. To retrieve either the source or binary distriubtions, visit our new Kerberos web page: http://web.mit.edu/kerberos/www/index.html. (See below for instructions on obtaining the source distribution via FTP.) Warning: We are providing binary distributions for this release as a convenience to sites that are interested in experimenting with Kerberos for the first time, without needing to build it all from source. However, in general it is a very bad idea to run security software that you've downloaded from the net, since you have no way of knowing whether someone has left any "surprises" behind. If you are going to be using Kerberos V5 in production, we strongly recommend that you get the Krb5 sources and build the Krb5 distribution yourself." MIT Kerberos V5 1.0 has been tested on at least the following platforms: * Digital Unix (OSF/1) 3.2 * Digital Unix (OSF/1) 4.0 * HPUX 10 * FreeBSD 2.1 (i386) * Netbsd 1.x (i386, m68k, and sparc) * Linux 2.x (i386) * Ultrix 4.2 * Irix 5.3 * AIX 3.2.5 * SunOS 4.1 * Solaris 2.4 * Solaris 2.5.1 The Macintosh port is now fully functional, although the UI still leaves much to be desired. This will be the focus of future work on this platform. The Windows 16 port is also fully functional, although one major (but obvious and easy to correct) bug crept in at the last minute. (See our known bugs web page for more details.) One major difference from the previous Beta releases is that the DLL has been renamed from LIBKRB5.DLL to KRB5_16.DLL. This is to avoid conflicts with the a 32 bit version of the Krb5 DLL. Unfortunately delays with stablizing and integrating the NT release prevented us from shipping this functionality with the 1.0 release. We are making available, concurrent with the 1.0 release, an ALPHA snapshot (release WINNT_ALPHA1_SNAPSHOT). This should not be used in production, as it has several known problems: * The GSSAPI test application doesn't work, so the GSSAPI library has not been tested. * The GINA doesn't yet work. * Help files are not yet available The only working applications for Windows NT are the credentials manager and a telnet application. In addition, we are continueing to work on this release on an on-going basis, so if you plan to be doing any NT work, you should contact us at krbdev@mit.edu, so that we can more properly coordinate our work. NT support will be folded in to the mainline release before the next major release. Notes and Major Changes since Beta 7 ------------------------------------ * We are now using the GNATS system to track bug reports for Kerberos V5. It is therefore helpful for people to use the krb5-send-pr program when reporting bugs. The old interface of sending mail to krb5-bugs@mit.edu will still work; however, bug reports sent in this fashion may experience a delay in being processed. * The default keytab name has changed from /etc/v5srvtab to /etc/krb5.keytab. * login.krb5 no longer defaults to getting krb4 tickets. * The Windows (win16) DLL, LIBKRB5.DLL, has been renamed to KRB5_16.DLL. This change was necessary to distinguish it from the win32 version, which will be named KRB5_32.DLL. Note that the GSSAPI.DLL file has not been renamed, because this name was specified in a draft standard for the Windows 16 GSSAPI bindings. (The 32-bit version of the GSSAPI DLL will be named GSSAPI32.DLL.) * The directory structure used for installations has changed. In particular, files previously located in $prefix/lib/krb5kdc are now normally located in $sysconfdir/krb5kdc. With the normal configure options, this means the KDC database goes in /usr/local/var/krb5kdc by default. If you wish to have the old behavior, then you would use a configure line like the following: configure --prefix=/usr/local --sysconfdir=/usr/local/lib * kshd has been modified to accept krb4 encrypted rcp connections; for this to work, the v4rcp program must be in the bin directory. Instructions for obtaining the release -------------------------------------- Via the WEB: Go to the MIT Kerberos home page at: http://web.mit.edu/kerberos/www and click on the link: "Getting Kerberos from MIT". Via FTP: FTP to athena-dist.mit.edu, in /pub/kerberos. Get the file README.KRB5_R1.0. It will contain instructions on how to obtain the 1.0 release. >> << >> Please report any problems/bugs/comments using krb5-send-pr << >> << Acknowledgements ---------------- Appreciation Time!!!! There are far too many people to try to thank them all; many people have contributed to the development of Kerberos V5. This is only a partial listing.... Thanks to Paul Vixie and the Internet Software Consortium for funding the work of Barry Jaspan. This funding was invaluable for the OV administration server integration, as well as the 1.0 release preparation process. Thanks to John Linn, Scott Foote, and all of the folks at OpenVision Technologies, Inc., who donated their administration server for use in the MIT release of Kerberos. Thanks to Jeff Bigler, Mark Eichin, Marc Horowitz, Nancy Gilman, Ken Raeburn, and all of the folks at Cygnus Support, who provided innumerable bug fixes and portability enhancements to the Kerberos V5 tree. Thanks especially to Jeff Bigler, for the new user and system administrator's documentation. Thanks to Doug Engert from ANL for providing many bug fixes, as well as testing to ensure DCE interoperability. Thanks to Ken Hornstein at NRL for providing many bug fixes and suggestions. Thanks to Sean Mullan and Bill Sommerfeld from Hewlett Packard for their many suggestions and bug fixes. Thanks to the members of the Kerberos V5 development team at MIT, both past and present: Jay Berkenbilt, Richard Basch, John Carr, Don Davis, Nancy Gilman, Sam Hartman, Marc Horowitz, Barry Jaspan, John Kohl, Cliff Neuman, Kevin Mitchell, Paul Park, Ezra Peisach, Chris Provenzano, Jon Rochlis, Jeff Schiller, Harry Tsai, Ted Ts'o, Tom Yu.