Kerberos Version 5, Release 1.8

                            Release Notes
                        The MIT Kerberos Team

Copyright and Other Notices
---------------------------

Copyright (C) 1985-2010 by the Massachusetts Institute of Technology
and its contributors.  All rights reserved.

Please see the file named NOTICE for additional notices.

MIT Kerberos is a project of the MIT Kerberos Consortium.  For more
information about the Kerberos Consortium, see http://kerberos.org/

For more information about the MIT Kerberos software, see
    http://web.mit.edu/kerberos/

People interested in participating in the MIT Kerberos development
effort should see http://k5wiki.kerberos.org/

Building and Installing Kerberos 5
----------------------------------

The first file you should look at is doc/install-guide.ps; it contains
the notes for building and installing Kerberos 5.  The info file
krb5-install.info has the same information in info file format.  You
can view this using the GNU emacs info-mode, or by using the
standalone info file viewer from the Free Software Foundation.  This
is also available as an HTML file, install.html.

Other good files to look at are admin-guide.ps and user-guide.ps,
which contain the system administrator's guide, and the user's guide,
respectively.  They are also available as info files
kerberos-admin.info and krb5-user.info, respectively.  These files are
also available as HTML files.

If you are attempting to build under Windows, please see the
src/windows/README file.

Reporting Bugs
--------------

Please report any problems/bugs/comments using the krb5-send-pr
program.  The krb5-send-pr program will be installed in the sbin
directory once you have successfully compiled and installed Kerberos
V5 (or if you have installed one of our binary distributions).

If you are not able to use krb5-send-pr because you haven't been able
compile and install Kerberos V5 on any platform, you may send mail to
krb5-bugs@mit.edu.

Please keep in mind that unencrypted e-mail is not secure. If you need
to report a security vulnerability, or send sensitive information,
please PGP-encrypt it to krbcore-security@mit.edu.

You may view bug reports by visiting

    http://krbdev.mit.edu/rt/

and logging in as "guest" with password "guest".

DES transition
--------------

The krb5-1.8 release disables single-DES cryptosystems by default.  As
a result, you may need to add the libdefaults setting
"allow_weak_crypto = true" to communicate with existing Kerberos
infrastructures if they do not support stronger ciphers.

The Data Encryption Standard (DES) is widely recognized as weak.  The
krb5-1.7 release contains measures to encourage sites to migrate away
from using single-DES cryptosystems.  Among these is a configuration
variable that enables "weak" enctypes, which now defaults to "false"
beginning with krb5-1.8.  The krb5-1.8 release includes additional
measures to ease the transition away from single-DES.  These
additional measures include:

* enctype config enhancements (so you can do "DEFAULT +des", etc.)
* new API to allow applications (e.g. AFS) to explicitly reenable weak
  crypto
* easier kadmin history key changes

Major changes in 1.8.3
----------------------

* Behavior Change:

    GSS-API context expiration -- the gss_wrap and gss_unwrap
    functions no longer check for ticket expiration.  Applications
    wishing to enforce ticket lifetimes should check using the
    gss_inquire_context function.  The previous behavior of checking
    for ticket expiration produced results that were not expected by
    application developers, and could lead to poor user experience.

* Fix an interoperability issue when the Microsoft HMAC-MD5 checksum
  type was used with non-RC4 keys.

* Fix an interoperability issue with ephemeral Diffie-Hellman key
  exchange in PKINIT that would happen for less than 1% of
  transactions.

krb5-1.8.3 changes by ticket ID
-------------------------------

6345    no kdb5_util stash equivalent with LDAP database
6738    PKINIT DH exchange occasionally produces mismatch
6739    Behavior change: gssapi context expiration
6740    kadmin ktadd may display wrong name of default keytab
6744    only test t_locate_kdc if known-good DNS name is present
6745    Add correct error table when initializing gss-krb5
6750    krb5kdc doesn't parse the -P command-line option correctly
6751    Allow Microsoft HMAC-MD5 checksum types to use non-RC4 keys

Major changes in 1.8.2
----------------------

This is primarily a bugfix release.

* Fix vulnerabilities:
  ** CVE-2010-1320 KDC double free caused by ticket renewal
     (MITKRB5-SA-2010-004)
  ** CVE-2010-1321 GSS-API lib null pointer deref (MITKRB5-SA-2010-005)

* Allow numeric IPv6 addresses for configuring KDC locations.

krb5-1.8.2 changes by ticket ID
-------------------------------

6562    kinit not working if kdc is configured with numerical IPv6 address
6696    gss_accept_sec_context doesn't produce error tokens
6697    segfault caused by dlerror returning NULL
6698    kproplog displays incorrect iprop timestamps on 64-bit platforms
6702    CVE-2010-1320 KDC double free caused by ticket renewal
        (MITKRB5-SA-2010-004)
6711    memory leak in process_tgs_req in r23724
6718    Make KADM5_FAIL_AUTH_COUNT_INCREMENT more robust with LDAP
6722    Error handling bug in krb5_init_creds_init()
6725    CVE-2010-1321 GSS-API lib null pointer deref (MITKRB5-SA-2010-005)
6726    SPNEGO doesn't interoperate with Windows 2000
6730    kdc_tcp_ports not documented in kdc.conf.M
6734    FAST negotiation could erroneously succeed

Major changes in 1.8.1
----------------------

This is primarily a bugfix release.

* MITKRB5-SA-2010-002 CVE-2010-0628 denial of service in SPNEGO

* Support IPv6 in kpasswd client.

* Fix an authorization data type number assignment that conflicted
  with an undocumented Microsoft usage.

krb5-1.8.1 changes by ticket ID
-------------------------------

6661    [RFE] properly support IPv6 in kpasswd
6668    Two problems in kadm5_get_principal mask handling
6674    memory leak in SPNEGO
6676    Ignore improperly encoded signedpath AD elements
6678    use of freed memory in gss_import_sec_context error path
6680    the "ticket_lifetime" setting isn't documented
6681    krb5_get_init_creds_password() can crash with NULL options and
        expired keys
6683    kpasswd doesn't guess the client principal name correctly
        without a ccache
6685    handle NT_SRV_INST in service principal referrals
6687    Change KRB5_AUTHDATA_SIGNTICKET from 142 to 512
6689    krb5_typed_data not castable to krb5_pa_data on 64-bit MacOSX
6690    MITKRB5-SA-2010-002 CVE-2010-0628 denial of service in SPNEGO
6693    Fix backwards flag output in krb5_init_creds_step()

Major changes in 1.8
--------------------

The krb5-1.8 release contains a large number of changes, featuring
improvements in the following broad areas:

* Code quality
* Developer experience
* Performance
* End-user experience
* Administrator experience
* Protocol evolution

Code quality:

* Move toward test-driven development -- new features have test code,
  or at least written testing procedures.

* Remove applications to a separate distribution to simplify
  independent maintenance.

* Increase conformance to coding style

  + "The great reindent"

  + Selective refactoring

Developer experience:

* Crypto modularity -- vendors can more easily substitute their own
  crypto implementations, which might be hardware-accelerated or
  validated to FIPS 140, for the builtin crypto implementation that
  has historically shipped as part of MIT Kerberos.  Currently, only
  an OpenSSL provider is included, but others are planned for the
  future.

* Move toward improved KDB interface

* Improved API for verifying and interrogating authorization data

Performance:

* Investigate and remedy repeatedly-reported performance bottlenecks.

* Encryption performance -- new crypto API with opaque key structures,
  to allow for optimizations such as caching of derived keys

End-user experience:

* Reduce DNS dependence by implementing an interface that allows
  client library to track whether a KDC supports service principal
  referrals.

Administrator experience:

* Disable DES by default -- this reduces security exposure from using
  an increasingly insecure cipher.

* More versatile crypto configuration, to simplify migration away from
  DES -- new configuration syntax to allow inclusion and exclusion of
  specific algorithms relative to a default set.

* Account lockout for repeated login failures -- mitigates online
  password guessing attacks, and helps with some enterprise regulatory
  compliance.

* Bridge layer to allow Heimdal HDB modules to act as KDB backend
  modules.  This provides a migration path from a Heimdal to an MIT
  KDC.

Protocol evolution:

* FAST enhancements -- preauthentication framework enhancements to
  allow a client to securely negotiate the use of FAST with a KDC of
  unknown capabilities.

* Microsoft Services for User (S4U) compatibility: S4U2Self, also
  known as "protocol transition", allows for service to ask a KDC for
  a ticket to themselves on behalf of a client authenticated via a
  different means; S4U2Proxy allows a service to ask a KDC for a
  ticket to another service on behalf of a client.

* Anonymous PKINIT -- allows the use of public-key cryptography to
  anonymously authenticate to a realm

* Support doing constrained delegation similar to Microsoft's
  S4U2Proxy without the use of the Windows PAC.  This functionality
  uses a protocol compatible with Heimdal.

krb5-1.8 changes by ticket ID
-----------------------------

5468    delete kadmin v1 support
6206    new API for storing extra per-principal data in ccache
6434    krb5_cc_resolve() will crash if a null name param is provided
6454    Make krb5_mkt_resolve error handling work
6510    Restore limited support for static linking
6539    Enctype list configuration enhancements
6546    KDB should use enctype of stashed master key
6547    Modify kadm5 initializers to accept krb5 contexts
6563    Implement s4u extensions
6564    s4u extensions integration broke test suite...
6565    HP-UX IA64 wrong endian
6572    Implement GSS naming extensions and authdata verification
6576    Implement new APIs to allow improved crypto performance
6577    Account lockout for repeated login failures
6578    Heimdal DB bridge plugin for KDC back end
6580    Constrained delegation without PAC support
6582    Memory leak in _kadm5_init_any introduced with ipropd
6583    Unbundle applications into separate repository
6586    libkrb5 support for non-blocking AS requests
6590    allow testing even if name->addr->name mapping doesn't work
6591    fix slow behavior on Mac OS X with link-local addresses
6592    handle negative enctypes better
6593    Remove dependency on /bin/csh in test suite
6595    FAST (preauth framework) negotiation
6597    Add GSS extensions to store credentials, generate random bits
6598    gss_init_sec_context potential segfault
6599    memory leak in krb5_rd_req_decrypt_tkt_part
6600    gss_inquire_context cannot handle no target name from mechanism
6601    gsssspi_set_cred_option cannot handle mech specific option
6603    issues with SPNEGO
6605    PKINIT client should validate SAN for TGS, not service principal
6606    allow testing when offline
6607    anonymous PKINIT
6616    Fix spelling and hyphen errors in man pages
6618    Support optional creation of PID files for krb5kdc and kadmind
6620    kdc_supported_enctypes does nothing; eradicate mentions thereof
6621    disable weak crypto by default
6622    kinit_fast fails if weak enctype is among client principal keys
6623    Always treat anonymous as preauth required
6624    automated tests for anonymous pkinit
6625    yarrow code does not initialize keyblock enctype and uses
        unitialized value
6626    Restore interoperability with 1.6 addprinc -randkey
6627    Set enctype in crypto_tests to prevent memory leaks
6628    krb5int_dk_string_to_key fails to set enctype
6629    krb5int_derive_key results in cache with uninitialized values
6630    krb5int_pbkdf2_hmac_sha1 fails to set enctype on keyblock
6632    Simplify and fix FAST check for keyed checksum type
6634    Use keyed checksum type for DES FAST
6640    Make history key exempt from permitted_enctypes
6642    Add test program for decryption of overly short buffers
6643    Problem with krb5 libcom_err vs. system libcom_err
6644    Change basename of libkadm5 libraries to avoid Heimdal conflict
6645    Add krb5_allow_weak_crypto API
6648    define MIN() in lib/gssapi/krb5/prf.c
6649    Get rid of kdb_ext.h and allow out-of-tree KDB plugins
6651    Handle migration from pre-1.7 databases with master key
        kvno != 1 (1.8 pullup)
6652    Make decryption of master key list more robust
6653    set_default_enctype_var should filter not reject weak enctypes
6654    Fix greet_server build
6655    Fix cross-realm handling of AD-SIGNEDPATH
6656    krb5int_fast_free_state segfaults if state is null
6657    enc_padata can include empty sequence
6658    Implement gss_set_neg_mechs
6659    Additional memory leaks in kdc
6660    Minimal support for updating history key
6662    MITKRB5-SA-2010-001 CVE-2010-0283 KDC denial of service
6663    update mkrel to deal with changed source layout
6665    Fix cipher state chaining in OpenSSL back end
6669    doc updates for allow_weak_crypto

Acknowledgements
----------------

Past and present Sponsors of the MIT Kerberos Consortium:

    Apple
    Carnegie Mellon University
    Centrify Corporation
    Columbia University
    Cornell University
    The Department of Defense of the United States of America (DoD)
    Google
    Iowa State University
    MIT
    Michigan State University
    Microsoft
    The National Aeronautics and Space Administration
        of the United States of America (NASA)
    Network Appliance (NetApp)
    Nippon Telephone and Telegraph (NTT)
    Oracle
    Pennsylvania State University
    Red Hat
    Stanford University
    TeamF1, Inc.
    The University of Alaska
    The University of Michigan
    The University of Pennsylvania

Past and present members of the Kerberos Team at MIT:

    Danilo Almeida
    Jeffrey Altman
    Justin Anderson
    Richard Basch
    Mitch Berger
    Jay Berkenbilt
    Andrew Boardman
    Bill Bryant
    Steve Buckley
    Joe Calzaretta
    John Carr
    Mark Colan
    Don Davis
    Alexandra Ellwood
    Dan Geer
    Nancy Gilman
    Matt Hancher
    Thomas Hardjono
    Sam Hartman
    Paul Hill
    Marc Horowitz
    Eva Jacobus
    Miroslav Jurisic
    Barry Jaspan
    Geoffrey King
    Kevin Koch
    John Kohl
    HaoQi Li
    Peter Litwack
    Scott McGuire
    Steve Miller
    Kevin Mitchell
    Cliff Neuman
    Paul Park
    Ezra Peisach
    Chris Provenzano
    Ken Raeburn
    Jon Rochlis
    Jeff Schiller
    Jen Selby
    Robert Silk
    Bill Sommerfeld
    Jennifer Steiner
    Ralph Swick
    Brad Thompson
    Harry Tsai
    Zhanna Tsitkova
    Ted Ts'o
    Marshall Vale
    Tom Yu

The following external contributors have provided code, patches, bug
reports, suggestions, and valuable resources:

    Brandon Allbery
    Russell Allbery
    Brian Almeida
    Michael B Allen
    Derek Atkins
    David Bantz
    Alex Baule
    Arlene Berry
    Jeff Blaine
    Radoslav Bodo
    Emmanuel Bouillon
    Michael Calmer
    Ravi Channavajhala
    Srinivas Cheruku
    Leonardo Chiquitto
    Howard Chu
    Andrea Cirulli
    Christopher D. Clausen
    Kevin Coffman
    Simon Cooper
    Sylvain Cortes
    Nalin Dahyabhai
    Roland Dowdeswell
    Jason Edgecombe
    Mark Eichin
    Shawn M. Emery
    Douglas E. Engert
    Peter Eriksson
    Ronni Feldt
    JC Ferguson
    William Fiveash
    Ákos Frohner
    Marcus Granado
    Scott Grizzard
    Steve Grubb
    Philip Guenther
    Jakob Haufe
    Jeff Hodges
    Love Hörnquist Åstrand
    Ken Hornstein
    Henry B. Hotz
    Luke Howard
    Jakub Hrozek
    Shumon Huque
    Jeffrey Hutzelman
    Wyllys Ingersoll
    Holger Isenberg
    Joel Johnson
    Mikkel Kruse
    Volker Lendecke
    Jan iankko Lieskovsky
    Ryan Lynch
    Franklyn Mendez
    Markus Moeller
    Paul Moore
    Zbysek Mraz
    Edward Murrell
    Nikos Nikoleris
    Dmitri Pal
    Javier Palacios
    Ezra Peisach
    W. Michael Petullo
    Mark Phalan
    Robert Relyea
    Martin Rex
    Jason Rogers
    Guillaume Rousse
    Tom Shaw
    Peter Shoults
    Simo Sorce
    Michael Ströder
    Bjørn Tore Sund
    Rathor Vipin
    Jorgen Wahlsten
    Max (Weijun) Wang
    John Washington
    Marcus Watts
    Simon Wilkinson
    Nicolas Williams
    Ross Wilper
    Xu Qiang
    Hanz van Zijst

The above is not an exhaustive list; many others have contributed in
various ways to the MIT Kerberos development effort over the years.
Other acknowledgments (for bug reports and patches) are in the
doc/CHANGES file.