README

                   Kerberos Version 5, Release 1.17

                            Release Notes
                        The MIT Kerberos Team

Copyright and Other Notices
---------------------------

Copyright (C) 1985-2020 by the Massachusetts Institute of Technology
and its contributors.  All rights reserved.

Please see the file named NOTICE for additional notices.

Documentation
-------------

Unified documentation for Kerberos V5 is available in both HTML and
PDF formats.  The table of contents of the HTML format documentation
is at doc/html/index.html, and the PDF format documentation is in the
doc/pdf directory.

Additionally, you may find copies of the HTML format documentation
online at

    http://web.mit.edu/kerberos/krb5-latest/doc/

for the most recent supported release, or at

    http://web.mit.edu/kerberos/krb5-devel/doc/

for the release under development.

More information about Kerberos may be found at

    http://web.mit.edu/kerberos/

and at the MIT Kerberos Consortium web site

    http://kerberos.org/

Building and Installing Kerberos 5
----------------------------------

Build documentation is in doc/html/build/index.html or
doc/pdf/build.pdf.

The installation guide is in doc/html/admin/install.html or
doc/pdf/install.pdf.

If you are attempting to build under Windows, please see the
src/windows/README file.

Reporting Bugs
--------------

Please report any problems/bugs/comments by sending email to
krb5-bugs@mit.edu.

You may view bug reports by visiting

http://krbdev.mit.edu/rt/

and using the "Guest Login" button.  Please note that the web
interface to our bug database is read-only for guests, and the primary
way to interact with our bug database is via email.

DES transition
--------------

The Data Encryption Standard (DES) is widely recognized as weak.  The
krb5-1.7 release contains measures to encourage sites to migrate away
from using single-DES cryptosystems.  Among these is a configuration
variable that enables "weak" enctypes, which defaults to "false"
beginning with krb5-1.8.

Major changes in 1.17.2 (2020-11-17)
------------------------------------

This is a bug fix release.

* Fix a denial of service vulnerability when decoding Kerberos
  protocol messages.

* Fix a locking issue with the LMDB KDB module which could cause KDC
  and kadmind processes to lose access to the database.

* Fix an assertion failure when libgssapi_krb5 is repeatedly loaded
  and unloaded while libkrb5support remains loaded.

* Fix a null deference when processing a CAMMAC with an invalid
  service verifier.

krb5-1.17.2 changes by ticket ID
--------------------------------

8614    Assertion failure when repeatedly loading libgssapi_krb5
8856    Null dereference in CAMMAC processing
8861    Fix LDAP policy enforcement of pw_expiration
8864    Fix error handling in gssint_mechglue_init()
8872    Put KDB authdata first
8873    Don't assume OpenSSL failures are memory errors
8877    Cannot remove require_auth attribute with LDAP KDB module
8882    kdb5_util load ignores password expiration with LDAP KDB module
8894    Correct formatting of trace log microseconds
8918    KDC and kadmind fork with DB open, breaking LMDB KDB module
8933    Fix input length checking in SPNEGO DER decoding
8936    Set lockdown attribute when creating LDAP KDB
8938    Leash crashes on failure to auto-renew tickets
8939    Suppress Leash error popup on MSLSA renew failure
8959    Add recursion limit for ASN.1 indefinite lengths
8960    Fix compatibility with upcoming autoconf 2.70

Major changes in 1.17.1 (2019-12-11)
------------------------------------

This is a bug fix release.

* Fix a bug preventing "addprinc -randkey -kvno" from working in
  kadmin.

* Fix a bug preventing time skew correction from working when a KCM
  credential cache is used.

krb5-1.17.1 changes by ticket ID
--------------------------------

8735    GSS buffer set failures on Windows due to gssalloc_realloc()
8774    Update doxygen-RST bridge to Python 3
8779    Remove erroneous text from kinit man page
8783    memory leak via krb5_rc_none_close
8789    Document the double-colon behavior of DIR ccaches
8790    Leash krb5_cc_start_seq_get error popups
8796    Document krb5kdc without -r
8797    Wrong functions used in gss_get_mic_iov_length() documentation example code
8801    Fix some return code handling bugs
8802    Remove outdated text in krb5kdc/kadmind man pages
8803    Rename hmac() function
8810    Fix Python fallback in configure.ac
8813    Improve logging documentation
8818    Convert OTP and kdcproxy tests to Python 3
8821    Correct documentation of final profiles
8824    Initialize life/rlife in kdcpolicy interface
8825    Don't skip past zero byte in profile parsing
8826    Fix KCM client time offset propagation
8831    Update LDAP KDB module documentation
8834    Update supported_enctypes documentation
8835    Remove some outdated iprop documentation
8839    Fix missing field in /etc/gss/mech documentation
8840    Accept GSS mechs which don't supply attributes
8841    Fix t_otp.py for pyrad 2.2
8846    Fix SPNEGO fallback context handling
8848    kadmin.local: ank -kvno parameter doesnt work
8850    Fix gss_set_sec_context_option() context creation
8852    Various gssalloc fixes


Major changes in 1.17 (2019-01-08)
----------------------------------

Administrator experience:

* A new Kerberos database module using the Lightning Memory-Mapped
  Database library (LMDB) has been added.  The LMDB KDB module should
  be more performant and more robust than the DB2 module, and may
  become the default module for new databases in a future release.

* "kdb5_util dump" will no longer dump policy entries when specific
  principal names are requested.

Developer experience:

* The new krb5_get_etype_info() API can be used to retrieve enctype,
  salt, and string-to-key parameters from the KDC for a client
  principal.

* The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise
  principal names to be used with GSS-API functions.

* KDC and kadmind modules which call com_err() will now write to the
  log file in a format more consistent with other log messages.

* Programs which use large numbers of memory credential caches should
  perform better.

Protocol evolution:

* The SPAKE pre-authentication mechanism is now supported.  This
  mechanism protects against password dictionary attacks without
  requiring any additional infrastructure such as certificates.  SPAKE
  is enabled by default on clients, but must be manually enabled on
  the KDC for this release.

* PKINIT freshness tokens are now supported.  Freshness tokens can
  protect against scenarios where an attacker uses temporary access to
  a smart card to generate authentication requests for the future.

* Password change operations now prefer TCP over UDP, to avoid
  spurious error messages about replays when a response packet is
  dropped.

* The KDC now supports cross-realm S4U2Self requests when used with a
  third-party KDB module such as Samba's.  The client code for
  cross-realm S4U2Self requests is also now more robust.

User experience:

* The new ktutil addent -f flag can be used to fetch salt information
  from the KDC for password-based keys.

* The new kdestroy -p option can be used to destroy a credential cache
  within a collection by client principal name.

* The Kerberos man page has been restored, and documents the
  environment variables that affect programs using the Kerberos
  library.

Code quality:

* Python test scripts now use Python 3.

* Python test scripts now display markers in verbose output, making it
  easier to find where a failure occurred within the scripts.

* The Windows build system has been simplified and updated to work
  with more recent versions of Visual Studio.  A large volume of
  unused Windows-specific code has been removed.  Visual Studio 2013
  or later is now required.

krb5-1.17 changes by ticket ID
------------------------------

7905    Password changes can result in replay error
8202    memory ccache cursors are invalidated by initialize
8270    No logging when a non-root ksu with command fails authorization
8587    ktutil addent should be able to fetch etype-info2 for principal
8629    etype-info not included in hint list for REQUIRES_HW_AUTH principals
8630    Logging from KDC/kadmind plugin modules
8634    Trace log on k5tls load failure
8635    Fix a few German translation prepositions
8636    PKINIT certid option cannot handle leading zero
8641    Make public headers work with gcc -Wundef
8642    etype-info conflated for initial, final reply key enctype
8647    Add SPAKE preauth support
8648    Implement PKINIT freshness tokens
8650    Exit with status 0 from kadmind
8651    profile library may try to reread from special device files
8652    Report extended errors in kinit -k -t KDB:
8653    Include preauth name in trace output if possible
8654    Prevent fallback from SPAKE to encrypted timestamp
8655    Need per-realm client configuration to deny encrypted timestamp
8657    SPAKE support for Windows build
8659    SPAKE client asks for password before checking second-factor support
8661    ksu segfaults when argc == 0
8662    Windows README does not document MFC requirement
8663    TLS is not free on library unload
8664    Avoid simultaneous KDB/ulog locks in ulog_replay
8665    Display more extended errors in kdb5_util
8673    Improve error for kadmind -proponly without iprop
8674    Add LMDB KDB module
8677    Escape curly braces in def-check.pl regexes
8678    Don't specify MFC library in Leash build
8679    Fix Leash build error with recent Visual Studio
8680    Update kfw installer for VS2017, WiX 3.11.1
8682    Stop building CNS for Windows
8684    Fix option parsing on Windows
8685    Make plugin auto-registration work on Windows
8686    Process profile includedir in sorted order
8687    Repeated lookups of local computer name on Windows
8689    t_path.c build failure with NDEBUG
8690    Fix Windows strerror_r() implementation
8691    Use pkg.m4 macros
8692    Make docs build python3-compatible
8693    Resource leak in domain_fallback_realm()
8694    Add documentation on dictionary attacks
8695    Resource leak in krb5_524_conv_principal()
8696    Resource leak in krb5_425_conv_principal()
8697    Resource leak in krb5_gss_inquire_cred()
8698    Resource leak in aname_replacer()
8699    Resource leak in k5_os_hostaddr()
8700    Resource leak in krb5int_get_fq_local_hostname()
8702    Resource leak in kdb5_purge_mkeys()
8703    Resource leak in RPC UDP cache code
8704    Resource leak in read_secret_file()
8707    Resource leak in ulog_map()
8708    Incorrect error handling in OTP plugin
8709    Explicitly look for python2 in configure.in
8710    Convert Python tests to Python 3
8711    Use SHA-256 instead of MD5 for audit ticket IDs
8713    Zap copy of secret in RC4 string-to-key
8715    Make krb5kdc -p affect TCP ports
8716    Remove outdated note in krb5kdc man page
8718    krb5_get_credentials incorrectly matches user to user ticket
8719    Extend gss-sample timeout from 10s to 300s
8720    Don't include all MEMORY ccaches in collection
8721    Don't tag S4U2Proxy result creds as user-to-user
8722    Use a hash table for MEMORY ccache resolution
8723    Use PTHREAD_CFLAGS when testing for getpwnam_r()
8724    Add kdestroy -p option
8725    Update many documentation links to https
8726    Null deref on some invalid PKINIT identities
8727    Check strdup return in kadm5_get_config_params()
8728    doc: kswitch manual "see also" subsection typo
8729    Memory leak in gss_add_cred() creation case
8730    Add kvno option for user-to-user
8731    Document that DESTDIR must be an absolute path
8732    Fix name of .pdb file in ccapi/test/Makefile.in
8733    Multiple pkinit_identities semantics are unclear and perhaps not useful
8734    gss_add_cred() aliases memory when creating extended cred
8736    Check mech cred in gss_inquire_cred_by_mech()
8737    gss_add_cred() ignores desired_name if creating a new credential
8738    Use the term "replica KDC" in source and docs
8741    S4U2Self client code fails with no default realm
8742    Use "replica" in iprop settings
8743    Fix incorrect TRACE usages to use {str}
8744    KDC/kadmind may not follow master key change before purge_mkeys
8745    libss without readline can interfere with reading passwords
8746    Fix 64-bit Windows socket write error handling
8747    Allow referrals for cross-realm S4U2Self requests
8748    Add more constraints to S4U2Self processing
8749    Add PAC APIs which can include a client realm
8750    Resource leak in ktutil_add()
8751    Fix up kdb5_util documentation
8752    Don't dump policies if principals are specified
8753    Prevent SIGPIPE from socket writes on UNIX-likes
8754    Correct kpasswd_server description in krb5.conf(5)
8755    Bring back general kerberos man page
8756    Add GSS_KRB5_NT_ENTERPRISE_NAME name type
8757    Start S4U2Self realm lookup at server realm
8759    Resource leak in kadm5_randkey_principal_3()
8760    Retry KCM writes once on remote hangup
8762    Fix spelling of auth_to_local example
8763    Ignore password attributes for S4U2Self requests
8767    Remove incorrect KDC assertion
8768    Fix double-close in ksu get_authorized_princ_names
8769    Fix build issues with Solaris native compiler

Acknowledgements
----------------

Past Sponsors of the MIT Kerberos Consortium:

    Apple
    Carnegie Mellon University
    Centrify Corporation
    Columbia University
    Cornell University
    The Department of Defense of the United States of America (DoD)
    Fidelity Investments
    Google
    Iowa State University
    MIT
    Michigan State University
    Microsoft
    MITRE Corporation
    Morgan-Stanley
    The National Aeronautics and Space Administration
        of the United States of America (NASA)
    Network Appliance (NetApp)
    Nippon Telephone and Telegraph (NTT)
    US Government Office of the National Coordinator for Health
        Information Technology (ONC)
    Oracle
    Pennsylvania State University
    Red Hat
    Stanford University
    TeamF1, Inc.
    The University of Alaska
    The University of Michigan
    The University of Pennsylvania

Past and present members of the Kerberos Team at MIT:

    Danilo Almeida
    Jeffrey Altman
    Justin Anderson
    Richard Basch
    Mitch Berger
    Jay Berkenbilt
    Andrew Boardman
    Bill Bryant
    Steve Buckley
    Joe Calzaretta
    John Carr
    Mark Colan
    Don Davis
    Sarah Day
    Alexandra Ellwood
    Carlos Garay
    Dan Geer
    Nancy Gilman
    Matt Hancher
    Thomas Hardjono
    Sam Hartman
    Paul Hill
    Marc Horowitz
    Eva Jacobus
    Miroslav Jurisic
    Barry Jaspan
    Benjamin Kaduk
    Geoffrey King
    Kevin Koch
    John Kohl
    HaoQi Li
    Jonathan Lin
    Peter Litwack
    Scott McGuire
    Steve Miller
    Kevin Mitchell
    Cliff Neuman
    Paul Park
    Ezra Peisach
    Chris Provenzano
    Ken Raeburn
    Jon Rochlis
    Jeff Schiller
    Jen Selby
    Robert Silk
    Bill Sommerfeld
    Jennifer Steiner
    Ralph Swick
    Brad Thompson
    Harry Tsai
    Zhanna Tsitkova
    Ted Ts'o
    Marshall Vale
    Taylor Yu

The following external contributors have provided code, patches, bug
reports, suggestions, and valuable resources:

    Ian Abbott
    Brandon Allbery
    Russell Allbery
    Brian Almeida
    Michael B Allen
    Pooja Anil
    Jeffrey Arbuckle
    Heinz-Ado Arnolds
    Derek Atkins
    Mark Bannister
    David Bantz
    Alex Baule
    David Benjamin
    Thomas Bernard
    Adam Bernstein
    Arlene Berry
    Jeff Blaine
    Radoslav Bodo
    Sumit Bose
    Emmanuel Bouillon
    Isaac Boukris
    Philip Brown
    Samuel Cabrero
    Michael Calmer
    Andrea Campi
    Julien Chaffraix
    Puran Chand
    Ravi Channavajhala
    Srinivas Cheruku
    Leonardo Chiquitto
    Seemant Choudhary
    Howard Chu
    Andrea Cirulli
    Christopher D. Clausen
    Kevin Coffman
    Simon Cooper
    Sylvain Cortes
    Ian Crowther
    Arran Cudbard-Bell
    Adam Dabrowski
    Jeff D'Angelo
    Nalin Dahyabhai
    Mark Davies
    Dennis Davis
    Alex Dehnert
    Mark Deneen
    Günther Deschner
    John Devitofranceschi
    Marc Dionne
    Roland Dowdeswell
    Dorian Ducournau
    Viktor Dukhovni
    Jason Edgecombe
    Mark Eichin
    Shawn M. Emery
    Douglas E. Engert
    Peter Eriksson
    Juha Erkkilä
    Gilles Espinasse
    Ronni Feldt
    Bill Fellows
    JC Ferguson
    Remi Ferrand
    Paul Fertser
    Fabiano Fidêncio
    Frank Filz
    William Fiveash
    Jacques Florent
    Ákos Frohner
    Sebastian Galiano
    Marcus Granado
    Dylan Gray
    Scott Grizzard
    Helmut Grohne
    Steve Grubb
    Philip Guenther
    Timo Gurr
    Dominic Hargreaves
    Robbie Harwood
    John Hascall
    Jakob Haufe
    Matthieu Hautreux
    Jochen Hein
    Paul B. Henson
    Jeff Hodges
    Christopher Hogan
    Love Hörnquist Åstrand
    Ken Hornstein
    Henry B. Hotz
    Luke Howard
    Jakub Hrozek
    Shumon Huque
    Jeffrey Hutzelman
    Sergey Ilinykh
    Wyllys Ingersoll
    Holger Isenberg
    Spencer Jackson
    Diogenes S. Jesus
    Pavel Jindra
    Brian Johannesmeyer
    Joel Johnson
    Lutz Justen
    Alexander Karaivanov
    Anders Kaseorg
    Bar Katz
    Zentaro Kavanagh
    Mubashir Kazia
    W. Trevor King
    Patrik Kis
    Martin Kittel
    Thomas Klausner
    Matthew Krupcale
    Mikkel Kruse
    Reinhard Kugler
    Tomas Kuthan
    Pierre Labastie
    Andreas Ladanyi
    Chris Leick
    Volker Lendecke
    Jan iankko Lieskovsky
    Todd Lipcon
    Oliver Loch
    Chris Long
    Kevin Longfellow
    Frank Lonigro
    Jon Looney
    Nuno Lopes
    Todd Lubin
    Ryan Lynch
    Glenn Machin
    Roland Mainz
    Sorin Manolache
    Andrei Maslennikov
    Michael Mattioli
    Nathaniel McCallum
    Greg McClement
    Cameron Meadors
    Alexey Melnikov
    Franklyn Mendez
    Markus Moeller
    Kyle Moffett
    Paul Moore
    Keiichi Mori
    Michael Morony
    Zbysek Mraz
    Edward Murrell
    Nikos Nikoleris
    Demi Obenour
    Felipe Ortega
    Michael Osipov
    Andrej Ota
    Dmitri Pal
    Javier Palacios
    Dilyan Palauzov
    Tom Parker
    Eric Pauly
    Ezra Peisach
    Alejandro Perez
    Zoran Pericic
    W. Michael Petullo
    Mark Phalan
    Sharwan Ram
    Brett Randall
    Jonathan Reams
    Jonathan Reed
    Robert Relyea
    Tony Reix
    Martin Rex
    Pat Riehecky
    Jason Rogers
    Matt Rogers
    Nate Rosenblum
    Solly Ross
    Mike Roszkowski
    Guillaume Rousse
    Joshua Schaeffer
    Andreas Schneider
    Paul Seyfert
    Tom Shaw
    Jim Shi
    Peter Shoults
    Richard Silverman
    Cel Skeggs
    Simo Sorce
    Michael Spang
    Michael Ströder
    Bjørn Tore Sund
    Joe Travaglini
    Sergei Trofimovich
    Tim Uglow
    Rathor Vipin
    Denis Vlasenko
    Jorgen Wahlsten
    Stef Walter
    Max (Weijun) Wang
    John Washington
    Stef Walter
    Xi Wang
    Nehal J Wani
    Kevin Wasserman
    Margaret Wasserman
    Marcus Watts
    Andreas Wiese
    Simon Wilkinson
    Nicolas Williams
    Ross Wilper
    Augustin Wolf
    David Woodhouse
    Tsu-Phong Wu
    Xu Qiang
    Neng Xue
    Zhaomo Yang
    Nickolai Zeldovich
    Bean Zhang
    Hanz van Zijst
    Gertjan Zwartjes

The above is not an exhaustive list; many others have contributed in
various ways to the MIT Kerberos development effort over the years.
Other acknowledgments (for bug reports and patches) are in the
doc/CHANGES file.