2000-01-09 08:31:47 +00:00
|
|
|
Changes in release 1.0:
|
|
|
|
|
|
|
|
* A new configuration option `nat_in_use' in krb.extra to ease use
|
|
|
|
through Network Address Translators.
|
|
|
|
|
|
|
|
* Support configuration value of KEYFILE and TKT_ROOT in krb.extra
|
|
|
|
|
|
|
|
* Easier building on some platforms
|
|
|
|
|
|
|
|
* built-in ls in ftpd.
|
|
|
|
|
|
|
|
* Bug fixes.
|
1999-09-19 14:19:32 +00:00
|
|
|
|
|
|
|
Changes in release 0.10:
|
|
|
|
|
|
|
|
* Some support for Irix 6.5 capabilities
|
|
|
|
|
|
|
|
* Improved kadmin interface; you can get more info via kadmin.
|
|
|
|
|
|
|
|
* Some improved support for OSF C2.
|
|
|
|
|
|
|
|
* General bug-fixes and improvements, including a large number of
|
|
|
|
potential buffer overrun fixes. A large number of portability
|
|
|
|
improvements.
|
|
|
|
|
|
|
|
* Support for multiple local realms.
|
|
|
|
|
|
|
|
* Support batch kadmin operation.
|
|
|
|
|
|
|
|
* Heimdal support in push.
|
|
|
|
|
|
|
|
* Removed `--with-shared' configure option (use `--enable-shared'.)
|
|
|
|
|
|
|
|
* Now uses Autoconf 2.13.
|
|
|
|
|
|
|
|
Changes in release 0.9.9:
|
|
|
|
|
|
|
|
* New configuration file /etc/krb.extra
|
|
|
|
|
|
|
|
* New program `push' for popping mail.
|
|
|
|
|
|
|
|
* Add (still little tested) support for maildir spool files in popper.
|
|
|
|
|
|
|
|
* Added `delete' to ksrvutil.
|
|
|
|
|
|
|
|
* Support the strange X11 sockets used on HP-UX and some versions of
|
|
|
|
Solaris.
|
|
|
|
|
|
|
|
* Arla compatibility in libkafs.
|
|
|
|
|
|
|
|
* More compatibility with the Solaris version of libkrb.
|
|
|
|
|
|
|
|
* New configure option `--with-mips-abi'
|
|
|
|
|
|
|
|
* Support `/etc/securetty' in login.
|
|
|
|
|
|
|
|
* Bug fixes and improvements to the Win32 telnet.
|
|
|
|
|
|
|
|
* Add support for installing with DESTDIR
|
|
|
|
|
|
|
|
* SIA module with added support for password changing, and
|
|
|
|
reauthentication.
|
|
|
|
|
|
|
|
* Add better support for MIT `compile_et' and `mk_cmds', this should
|
|
|
|
make it easier to build things like `zephyr'.
|
|
|
|
|
|
|
|
* Bug fixes:
|
|
|
|
- Krb: fixed dangling references to flock in libkrb
|
|
|
|
- FTP: fixed `logwtmp' name conflict
|
|
|
|
- Telnet: fix a few literal IP-number bugs
|
|
|
|
- Telnet: hopefully fixed stair-stepping bug
|
|
|
|
- Kafs: don't store expired tokens in the kernel
|
|
|
|
- Kafs: fix broken installation of afslib.so in AIX
|
|
|
|
|
|
|
|
Changes in release 0.9.8:
|
|
|
|
|
|
|
|
* several bug fixes; some which deserve mentioning:
|
|
|
|
- fix non-working `kauth -h'
|
|
|
|
- the sia-module should work again
|
|
|
|
- don't leave tickets in popper
|
|
|
|
|
|
|
|
Changes in release 0.9.7:
|
|
|
|
|
|
|
|
* new configure option --disable-otp
|
|
|
|
|
|
|
|
* new configure option --with-afsws
|
|
|
|
|
|
|
|
* includes rxkad implementation
|
|
|
|
|
|
|
|
* ftp client is more careful with suspicious filenames (|, .., /)
|
|
|
|
|
|
|
|
* fixed setuid-vulnerability of rcp, rlogin, and rsh.
|
|
|
|
|
|
|
|
* removed use of tgetent from telnetd (thereby eliminating buffer-overflow)
|
|
|
|
|
|
|
|
* new commands in ftp and ftpd: kdestroy, krbtkfile, and afslog.
|
|
|
|
|
|
|
|
* implement HTTP transport in libkrb and KDC.
|
|
|
|
|
|
|
|
* win32 terminal program much improved. also implemented ticket
|
|
|
|
management program.
|
|
|
|
|
|
|
|
* introduce `-i' option to kerberos server for listening only on one
|
|
|
|
interface.
|
|
|
|
|
|
|
|
* updated otp applications and man pages.
|
|
|
|
|
|
|
|
* merged in libdes 4.01
|
|
|
|
|
|
|
|
* popper is more resilient to badly formatted mails.
|
|
|
|
|
|
|
|
* minor fixes for Cray support.
|
|
|
|
|
|
|
|
* fix popen bug i ftpd.
|
|
|
|
|
|
|
|
* lots of bug fixes and portability fixes.
|
|
|
|
|
|
|
|
* better compatibility with Heimdal.
|
|
|
|
|
1997-09-04 06:04:33 +00:00
|
|
|
Minor changes in release 0.9.6:
|
|
|
|
|
|
|
|
* utmp(x) works correctly on systems with utmpx.
|
|
|
|
|
|
|
|
* A security-related bug in ftpd fixed.
|
|
|
|
|
|
|
|
* Compiles on solaris 2.4, 2.6 and on WinNT/95 with cygwin32 beta18.
|
|
|
|
|
|
|
|
* New option `-w' to rxtelnet, rxterm.
|
|
|
|
|
|
|
|
Major changes in release 0.9.5:
|
|
|
|
|
|
|
|
* We made some changes to be compatible with the other kerberised ftp
|
|
|
|
implementations and this means that an old kerberised ftp client will
|
|
|
|
not be able to talk to a new ftp server. So try to upgrade your ftp
|
|
|
|
clients and servers at the same time. The reason for this change is
|
|
|
|
described in more detail below.
|
|
|
|
|
|
|
|
* The interpretation of /etc/ftpusers has changed slightly, see
|
|
|
|
ftpusers(5). These changes come from NetBSD.
|
|
|
|
|
|
|
|
* The function `des_quad_cksum', which is used by `krb_rd_safe', and
|
|
|
|
`krb_mk_safe', has never been compatible with MIT's DES
|
|
|
|
library. This has now been fixed.
|
|
|
|
|
|
|
|
This fix will however break some programs that used those functions,
|
|
|
|
for instance `ftp'. In this version `krb_rd_safe' is modified to
|
|
|
|
accept checksums of both the new and the old format; `krb_mk_safe'
|
|
|
|
will always emit checksums of the new type *unless* `krb_rd_safe'
|
|
|
|
has detected that the client is using the old checksum (this feature
|
|
|
|
may be removed in some future release).
|
|
|
|
|
|
|
|
If you have programs that use `krb_mk_safe' and `krb_rd_safe' you
|
|
|
|
should upgrade all clients before upgrading your servers. Client is
|
|
|
|
here defined as the program that first calls `krb_rd_safe'.
|
|
|
|
|
|
|
|
If you are using some protocol that talks to more than one client or
|
|
|
|
server in one session, the heuristics to detect which kind of
|
|
|
|
checksum to use might fail.
|
|
|
|
|
|
|
|
The problem with `des_quad_cksum' was just a byte-order problem, so
|
|
|
|
there are no security problems with using the old versions. Thanks
|
|
|
|
to Derrick J Brashear <shadow@DEMENTIA.ORG> for pointing in the
|
|
|
|
right general direction.
|
|
|
|
|
|
|
|
* Rewrote kx to work always open TCP connections in the same
|
|
|
|
direction. This was needed to make it work through NATs and is
|
|
|
|
generally a cleaner way of doing it. Also added `tenletxr'.
|
|
|
|
Unfortunately the new protocol is not compatible with the old one.
|
|
|
|
The new kx and kxd programs try to figure out if they are talking to
|
|
|
|
old versions.
|
|
|
|
|
|
|
|
* Quite a bit of new functionality in otp. Changed default hash
|
|
|
|
function to `md5'. Fixed implementation of SHA and added downcasing
|
|
|
|
of seed to conform with `draft-ietf-otp-01.txt'. All verification
|
|
|
|
examples in the draft now work.
|
|
|
|
|
|
|
|
* Fixed buffer overflows.
|
|
|
|
|
|
|
|
* Add history/line editing in kadmin and ftp.
|
|
|
|
|
|
|
|
* utmp/utmpx and wtmp/wtmpx might work better on strange machines.
|
|
|
|
|
|
|
|
* Bug fixes for `rsh -n' and `rcp -x'.
|
|
|
|
|
|
|
|
* reget now works in ftp and ftpd. Passive mode works. Other minor
|
|
|
|
bug fixes as well.
|
|
|
|
|
|
|
|
* New option `-g umask' to ftpd for specifying the umask for anonymous users.
|
|
|
|
|
|
|
|
* Fix for `-l' option in rxtelnet and rxterm.
|
|
|
|
|
|
|
|
* XOVER support in popper.
|
|
|
|
|
|
|
|
* Better support for building shared libraries.
|
|
|
|
|
|
|
|
* Better support for talking to the KDC over TCP. This could make it
|
|
|
|
easier to use brain-damaged firewalls.
|
|
|
|
|
|
|
|
* Support FreeBSD-style MD5 /etc/passwd.
|
|
|
|
|
|
|
|
* New option `-createuser' to afslog.
|
|
|
|
|
|
|
|
* Upgraded to work with socks5-v1.0r1.
|
|
|
|
|
|
|
|
* Almost compiles and works on OS/2 with EMX, and Win95/NT with gnu-win32.
|
|
|
|
|
|
|
|
* Merged in win32-telnet, see README-WIN32 for more details.
|
|
|
|
|
|
|
|
* Possibly fixed telnet bug on HP-UX 10.
|
|
|
|
|
|
|
|
* Updated man-pages.
|
|
|
|
|
|
|
|
* Support for NetBSD/OpenBSD manual page circus.
|
|
|
|
|
|
|
|
* Bug fixes.
|
|
|
|
|
|
|
|
Major changes in release 0.9.3:
|
|
|
|
|
|
|
|
* kx has been rewritten and is now a lot easier to use. Two new
|
|
|
|
scripts: rxtelnet and rxterm. It also works on machines such as
|
|
|
|
Cray where the X-libraries cannot talk unix sockets.
|
|
|
|
|
|
|
|
* experimental OTP (RFC1938). Included in login, ftpd, and popper.
|
|
|
|
|
|
|
|
* authentication modules: PAM for linux, SIA for OSF/1, and
|
|
|
|
afskauthlib for Irix.
|
|
|
|
|
|
|
|
* popper now has the UIDL command.
|
|
|
|
|
|
|
|
* ftpd can now tar and compress files and directories on the fly, also
|
|
|
|
added a find site command.
|
|
|
|
|
|
|
|
* updated documentation and man pages.
|
|
|
|
|
|
|
|
* Change kuserok so that it acts as if luser@LOCALREALM is always an
|
|
|
|
entry of .klogin, even when it's not possible to verify that there
|
|
|
|
is no such file or the file is unreadable.
|
|
|
|
|
|
|
|
* Support for SRV-records.
|
|
|
|
|
|
|
|
* Socks v5 support.
|
|
|
|
|
|
|
|
* rcp is AFS-aware.
|
|
|
|
|
|
|
|
* allow for other transport mechanisms than udp (useful for firewall
|
|
|
|
tormented souls); as a side effect the format of krb.conf had to
|
|
|
|
become more flexible
|
|
|
|
|
|
|
|
* sample programs included.
|
|
|
|
|
|
|
|
* work arounds for Linux networking bugs in rlogind and rlogin.
|
|
|
|
|
|
|
|
* more portable
|
|
|
|
|
|
|
|
* quite a number of improvments/bugfixes
|
|
|
|
|
|
|
|
* New platforms: HP-UX 10, Irix 6.2
|
|
|
|
|
|
|
|
Major changes in release 0.9.2a:
|
|
|
|
|
|
|
|
* fix annoying bug with kauth (et al) returning incorrect error
|
|
|
|
|
|
|
|
Major changes in release 0.9.2:
|
|
|
|
|
|
|
|
* service `kerberos-iv' and port 750 has been registered with IANA.
|
|
|
|
|
|
|
|
* Bugfixes.
|
|
|
|
|
|
|
|
- Compiles with gcc on AIX.
|
|
|
|
|
|
|
|
- Compiles with really old resolvers.
|
|
|
|
|
|
|
|
- ftp works with afs string-to-key.
|
|
|
|
|
|
|
|
- shared libraries should work on Linux/ELF.
|
|
|
|
|
|
|
|
- some potential buffer overruns.
|
|
|
|
|
|
|
|
- general code clean-up.
|
|
|
|
|
|
|
|
* Better Cray/UNICOS support.
|
|
|
|
|
|
|
|
* New platforms: AIX 4.2, IRIX 6.1, and Linux 2.0
|
|
|
|
|
|
|
|
Major changes in release 0.9.1:
|
|
|
|
|
|
|
|
* Mostly bugfixes.
|
|
|
|
|
|
|
|
- No hardcoded references to /usr/athena
|
|
|
|
|
|
|
|
- Better Linux support with rlogin
|
|
|
|
|
|
|
|
- Fix for broken handling of NULL password in kadmind (such as with
|
|
|
|
`ksrvutil change')
|
|
|
|
|
|
|
|
- AFS-aware programs should work on AIX systems without AFS
|
|
|
|
|
|
|
|
* New platforms: Digital UNIX 4.0 and Fujitsu UXP/V
|
|
|
|
|
|
|
|
* New mechanism to determine realm from hostname based on DNS. To find
|
|
|
|
the realm of a.b.c.d it tries to find krb4-realm.a.b.c.d and then
|
|
|
|
krb4-realm.b.c.d and so on. The entry in DNS should be a TXT record
|
|
|
|
with the realm name.
|
|
|
|
|
|
|
|
krb4-realm.pdc.kth.se. 7200 TXT "NADA.KTH.SE"
|
|
|
|
|
|
|
|
Major changes in release 0.9:
|
|
|
|
|
|
|
|
* Tested platforms:
|
|
|
|
|
|
|
|
Dec Alpha OSF/1 3.2 with cc -std1
|
|
|
|
HP 9000/735 HP/UX 9.05 with gcc
|
|
|
|
DEC Pmax Ultrix 4.4 with gcc (cc does not work)
|
|
|
|
IBM RS/6000 AIX 4.1 with xlc (gcc works, cc does not)
|
|
|
|
SGI IRIX 5.3 with cc
|
|
|
|
Sun SunOS 4.1.4 with gcc (cc is not ANSI and does not work)
|
|
|
|
Sun SunOS 5.5 with gcc
|
|
|
|
Intel i386 NetBSD 1.2 with gcc
|
|
|
|
Intel i386 Linux 1.3.95 with gcc
|
|
|
|
Cray J90 Unicos 9 with cc
|
|
|
|
|
|
|
|
* Mostly ported to Crays running Unicos 9.
|
|
|
|
|
|
|
|
* S/Key-support in ftpd.
|
|
|
|
|
|
|
|
* Delete operation supported in kerberos database.
|
|
|
|
|
|
|
|
* Cleaner and more portable code.
|
|
|
|
|
|
|
|
* Even less bugs than before.
|
|
|
|
|
|
|
|
* kpopper now supports the old pop3 protocol and has been renamed to popper.
|
|
|
|
|
|
|
|
* rsh can be renamed remsh.
|
|
|
|
|
|
|
|
* Experimental program for forwarding IP over a kerberos tunnel.
|
|
|
|
|
|
|
|
* Updated to libdes 3.23.
|
|
|
|
|
|
|
|
Major changes in release 0.8:
|
|
|
|
|
|
|
|
* New programs: ftp & ftpd.
|
|
|
|
|
|
|
|
* New programs: kx & kxd. These programs forward X connections over
|
|
|
|
kerberos-encrypted connections.
|
|
|
|
|
|
|
|
* Incorporated version 3.21 of libdes.
|
|
|
|
|
|
|
|
* login: No double utmp-entries on Solaris.
|
|
|
|
|
|
|
|
* kafs
|
|
|
|
|
|
|
|
* Better guessing of what realm a cell belongs to.
|
|
|
|
|
|
|
|
* Support for authenticating to several cells. Reads
|
|
|
|
/usr/vice/etc/TheseCells, if present.
|
|
|
|
|
|
|
|
* ksrvutil: Support for generating AFS keys.
|
|
|
|
|
|
|
|
* login, su, rshd, rlogind: tries to counter possible NIS-attack.
|
|
|
|
|
|
|
|
* xnlock: several bug fixes and support for more than one screen.
|
|
|
|
|
|
|
|
* Default port number for ekshell changed from 2106 to 545. kauth
|
|
|
|
port changed from 4711 to 2120.
|
|
|
|
|
|
|
|
* Rumored to work on Fujitsu UXP/V and Cray UNICOS.
|
|
|
|
|
|
|
|
Major changes in release 0.7:
|
|
|
|
|
|
|
|
* New experimental masterkey generation. Enable with
|
|
|
|
--enable-random-mkey. Also the default place for the master key has
|
|
|
|
moved from /.k to /var/kerberos/master-key. This is customizable
|
|
|
|
with --with-mkey=file. If you don't want you master key to be on the
|
|
|
|
same backup medium as your database, remember to use this flag. All
|
|
|
|
relevant programs still checks for /.k.
|
|
|
|
|
|
|
|
* `-t' option to kadmin.
|
|
|
|
|
|
|
|
* Kpopper uses kuserok to verify if user is allowed to pop mail.
|
|
|
|
|
|
|
|
* Kpopper tries to locate the mail spool directory: /var/mail or
|
|
|
|
/var/spool/mail.
|
|
|
|
|
|
|
|
* kauth has ability to get ticket on a remove host with the `-h' option.
|
|
|
|
|
|
|
|
* afslog (aklog clone) and pagsh included.
|
|
|
|
|
|
|
|
* New format for /etc/krb.equiv.
|
|
|
|
|
|
|
|
* Better multi-homed hosts support in kauth, rcp, rlogin, rlogind,
|
|
|
|
rshd, telnet, telnetd.
|
|
|
|
|
|
|
|
* rlogind works on ultrix and aix 3.2.
|
|
|
|
|
|
|
|
* lots of bug fixes.
|
|
|
|
|
|
|
|
Major changes in release 0.6:
|
|
|
|
|
|
|
|
* Tested platforms:
|
|
|
|
|
|
|
|
DEC/Alpha OSF3.2
|
|
|
|
HP700 HPux 9.x
|
|
|
|
Dec/Pmax Ultrix 4.4 (rlogind not working)
|
|
|
|
IBM RS/6000 AIX 3.2 (rlogind not working)
|
|
|
|
IBM RS/6000 AIX 4.1
|
|
|
|
SGI Irix 5.3
|
|
|
|
Sun Sunos 4.1.x
|
|
|
|
Sun Sunos 5.4
|
|
|
|
386 BSD/OS 2.0.1
|
|
|
|
386 NetBSD 1.1
|
|
|
|
386 Linux 1.2.13
|
|
|
|
|
|
|
|
It is rumored to work to some extent on NextStep 3.3.
|
|
|
|
|
|
|
|
* ksrvutil get to create new keys and put them in the database at the
|
|
|
|
same time.
|
|
|
|
|
|
|
|
* Support for S/Key in login.
|
|
|
|
|
|
|
|
* kstring2key: new program to show string to key conversion.
|
|
|
|
|
|
|
|
* Kerberos server should now listen on all available network
|
|
|
|
interfaces and on both port 88 and 750.
|
|
|
|
|
|
|
|
* Timeout in kpopper.
|
|
|
|
|
|
|
|
* Support password quality checks in kadmind. Use --with-crack-lib to
|
|
|
|
link kadmind with cracklib. The patches in cracklib.patch are needed.
|
|
|
|
|
|
|
|
* Movemail from emacs 19.30.
|
|
|
|
|
|
|
|
* Logging format uses four digits for years.
|
|
|
|
|
|
|
|
* Fallback if port numbers are not listed in /etc/services.
|
|
|
|
|
|
|
|
|
|
|
|
* Relesed version 0.5
|
|
|
|
|
|
|
|
* lib/des/read_pwd.c: Redifine TIOCGETP and TIOCSETP so that the
|
|
|
|
same code is used both for posix termios and others.
|
|
|
|
|
|
|
|
* rsh, rlogin: Add environment variable RSTAR_NO_WARN which when
|
|
|
|
set to "yes" make warnings about "rlogin: warning, using standard
|
|
|
|
rlogin: remote host doesn't support Kerberos." go away.
|
|
|
|
|
|
|
|
* admin/kdb_util.c (load_db) lib/kdb/krb_dbm.c (kerb_db_update):
|
|
|
|
Optimized so that it can handle large databases, previously a
|
|
|
|
10000 entry DB would take *many* minutes, this can now be done in
|
|
|
|
under a minute.
|
|
|
|
|
|
|
|
* Changes in server/kerberos.c, kadmin/*.c slave/*.c to support 64
|
|
|
|
bit machines. Source should now be free of 64 bit assumptions.
|
|
|
|
|
|
|
|
* admin/copykey.c (copy_from_key): New functions for copying to
|
|
|
|
and from keys. Neccessary to solve som problems with longs on 64
|
|
|
|
bit machines in kdb_init, kdb_edit, kdb_util and ext_srvtab.
|
|
|
|
|
|
|
|
* lib/kdb/krb_kdb_utils.c (kdb_verify_master_key): More problems
|
|
|
|
with longs on 64 bit machines.
|
|
|
|
|
|
|
|
* appl/bsd/login.c (main): Lots of stuff to support Psoriasis
|
|
|
|
login. Courtesy of gertz@lysator.liu.se.
|
|
|
|
|
|
|
|
* configure.in, all Makefile.in's: Support for Linux shared
|
|
|
|
libraries. Courtesy of svedja@lysator.liu.se.
|
|
|
|
|
|
|
|
* lib/krb/cr_err_reply.c server/kerberos.c: Moved int req_act_vno
|
|
|
|
= KRB_PROT_VERSION; from server kode to libkrb where it really
|
|
|
|
belongs.
|
|
|
|
|
|
|
|
* appl/bsd/forkpty.c (forkpty): New function that allocates master
|
|
|
|
and slave ptys in a portable way. Used by rlogind.
|
|
|
|
|
|
|
|
* appl/telnet/telnetd/sys_term.c (start_login): Under SunOS5 the
|
|
|
|
same utmpx slot got used by sevral sessions. Courtesy of
|
|
|
|
gertz@lysator.liu.se.
|
|
|
|
|
|
|
|
* util/{ss, et}/Makefile.in (LEX): Use flex or lex. Courtesy of
|
|
|
|
svedja@lysator.liu.se.
|
|
|
|
|
|
|
|
* Fix the above Makefiles to work around bugs in Solaris and OSF/1
|
|
|
|
make rules that was triggered by VPATH functionality in the yacc
|
|
|
|
and lex rules.
|
|
|
|
|
|
|
|
* appl/kpopper/pop_log.c (pop_log) appl/kpopper/pop_msg.c (pop_msg):
|
|
|
|
Use stdarg instead of varargs. The code is still broken though,
|
|
|
|
you'll realize that on a machine with 64 bit pointers and 32 bit
|
|
|
|
int:s and no vsprintf, let's hope there will be no such beasts ;-).
|
|
|
|
|
|
|
|
* appl/telnet/telnetd/sys_term.c (getptyslave): Not all systems
|
|
|
|
have (or need) modules ttcompat and pckt so don't flag it as a
|
|
|
|
fatal error if they don't exist.
|
|
|
|
|
|
|
|
* kadmin/admin_server.c (kadm_listen) kadmind/kadm_ser_wrap.c
|
|
|
|
(kadm_listen): Add kludge for kadmind running on a multihomed
|
|
|
|
server. #ifdef:ed under MULTIHOMED_KADMIN. Change in acconfig.h
|
|
|
|
if you need this feature.
|
|
|
|
|
|
|
|
* appl/Makefile.in (SUBDIRS): Add applications movemail kpopper
|
|
|
|
and xnlock.
|
|
|
|
|
|
|
|
* appl/bsd/rlogin.c (main): New rlogind.c, forkpty() is not
|
|
|
|
implemented yet though.
|
|
|
|
|
|
|
|
* appl/xnlock/Makefile.in: Some stubs for X11 programs in
|
|
|
|
configure.in as well as a kerberized version of xnlock.
|
|
|
|
|
|
|
|
* appl/bsd/{rlogin.c, rsh.c, rcp.c}: Add code to support fallback
|
|
|
|
port numbers if they can not be found using getservbyname.
|
|
|
|
|
|
|
|
* appl/bsd/klogin.c (klogin): Use differnet ticket files for each
|
|
|
|
login so that a malicous user won't be able to destroy our tickets
|
|
|
|
with a failed login attempt.
|
|
|
|
|
|
|
|
* lib/kafs/afssys.c (k_afsklog): First we try afs.cell@REALM, if
|
|
|
|
there is no such thing try afs@CELL instead. There is now two
|
|
|
|
arguments to k_afslog(char *cell, char *realm).
|
|
|
|
|
|
|
|
* kadmin/admin_server.c (kadm_listen): If we are multihomed we
|
|
|
|
need to figure out which local address that is used this time
|
|
|
|
since it is used in "direction" comparison.
|
|
|
|
|
|
|
|
* kadmin/kadm_ser_wrap.c (kadm_ser_init): Fallback to use default
|
|
|
|
port number.
|
|
|
|
|
|
|
|
* lib/krb/send_to_kdc.c (send_to_kdc): Default port number
|
|
|
|
(KRB_PORT) was not in network byte order.
|
|
|
|
|
|
|
|
* lib/krb/send_to_kdc.c (send_recv): Linux clears timeout struct
|
|
|
|
when selecting.
|
|
|
|
|
|
|
|
* appl/bsd/rcp.c, appl/bsd/rlogin.c, appl/bsd/rsh.c:
|
|
|
|
Now does fallback if there isn't any entries in /etc/services for
|
|
|
|
klogin/kshell. This also made the code a bit more pretty.
|
|
|
|
|
|
|
|
* appl/bsd/login.c: Added support for lots of more struct utmp fields.
|
|
|
|
If there is no ttyslot() use setutent and friends.
|
|
|
|
|
|
|
|
* appl/bsd/Makefile.in, appl/bsd/rlogind.c, appl/bsd/rshd.c:
|
|
|
|
Added extern iruserok().
|
|
|
|
|
|
|
|
* appl/bsd/iruserok.c: Initial revision
|
|
|
|
|
|
|
|
* appl/bsd/bsd_locl.h: Must include sys/filio.h on Psoriasis.
|
|
|
|
|
|
|
|
* appl/bsd/Makefile.in: New install
|
|
|
|
|
|
|
|
* appl/bsd/pathnames.h: Fix default path, rsh and rlogin.
|
|
|
|
|
|
|
|
* appl/bsd/rshd.c: Extend default PATH with bindir to find rcp.
|
|
|
|
|
|
|
|
* appl/bsd/login.c (login): If there is no ttyslot use setutent
|
|
|
|
and friends. Added support for lots of more struct utmp fields.
|
|
|
|
|
|
|
|
* server/kerberos.c (main) lib/kafs/afssys.c appl/bsd/bsd_locl.h:
|
|
|
|
Must include sys/filio.h on Psoriasis to find _IOW and FIO* macros.
|
|
|
|
|
|
|
|
* appl/bsd/rlogind.c (doit): Use _PATH_DEFPATH rather than
|
|
|
|
_PATH_DEF.
|
|
|
|
|
|
|
|
* appl/bsd/login.c, su.c (main): Use fallback to bourne shell if
|
|
|
|
running as root.
|
|
|
|
|
|
|
|
* appl/bsd/su.c (main): Update usage message to reflect that '-'
|
|
|
|
option must come after the ordinary options and before login-id.
|
|
|
|
|
|
|
|
* appl/telnet/telnetd/telnetd.c (doit): If remote host name is to
|
|
|
|
long to fit into utmp try to remove domain part if it does match
|
|
|
|
our local domain.
|
|
|
|
|
|
|
|
(main): Add new option -L /bin/login so that it is possible to
|
|
|
|
specify an alternate login program.
|
|
|
|
|
|
|
|
* appl/telnet/telnet/commands.c (env_init): When exporting
|
|
|
|
variable DISPLAY and if hostname is not the full name, try to get
|
|
|
|
the full name from DNS.
|
|
|
|
|
|
|
|
* appl/telnet/telnet/main.c (main): Option -k realm was broken due
|
|
|
|
to a bogous external declaration.
|
|
|
|
|
|
|
|
* kadmin/kadmin.c (add_new_key): Kadmin now properly sets
|
|
|
|
lifetime, expiration date and attributes in add_new_key command.
|
|
|
|
|
|
|
|
* appl/bsd/su.c (main): Don't handle '-' option with getopt.
|
|
|
|
|
|
|
|
* appl/telnet/telnet/externs.h: Removed protection for multiple
|
|
|
|
inclusions of termio(s).h since it broke definition of termio
|
|
|
|
macro on POSIX systems.
|
|
|
|
|
|
|
|
* lib/krb/lifetime.c (krb_life_to_time): If you want to disable
|
|
|
|
AFS compatible long lifetimes set krb_no_long_lifetimes = 1.
|
|
|
|
|
|
|
|
Please note that the long lifetimes are 100% compatible up to
|
|
|
|
10h so this should rarely be necessary.
|
|
|
|
|
|
|
|
* lib/krb/krb_equiv.c (krb_equiv): If you don't want to use
|
|
|
|
ipaddress protection of tickets set krb_ignore_ip_address. This
|
|
|
|
makes it possible for an intruder to steal a ticket and then use
|
|
|
|
it from som other machine anywhere on the net.
|
|
|
|
|
|
|
|
* kadmin/kadm_ser_wrap.c (kadm_ser_init): Don't bind to only one
|
|
|
|
local address. Accept request on all interfaces.
|
|
|
|
|
|
|
|
* admin/kdb_edit.c (change_principal): Don't accept illegal
|
|
|
|
dates. Courtesy of gertz@lysator.liu.se.
|
|
|
|
|
|
|
|
* configure.in: AIX specific libraries needed when using standard
|
|
|
|
libc routine getttyent, IBM should be ashamed!
|
|
|
|
|
|
|
|
* lib/krb/recvauth.c (krb_recvauth): Long that should be int32_t
|
|
|
|
problem.
|
|
|
|
|
|
|
|
* Added strdup for su and rlogin.
|
|
|
|
|
|
|
|
* Fix for old syslog macros in appl/bsd/bsd_locl.
|
|
|
|
|
|
|
|
* lib/kdb/krb_dbm.c (kerb_db_rename) admin/kdb_destroy.c: New
|
|
|
|
ifdef HAVE_NEW_DB for new databases residing in one file only.
|
|
|
|
|
|
|
|
* appl/bsd/rlogin.c (oob): Add workaround for Linux.
|
|
|
|
|
|
|
|
* appl/bsd/getpass.c: New routine that reads up to 127 char
|
|
|
|
passwords. Used in su.c and login.c.
|
|
|
|
|
|
|
|
* appl/telnet/telnetd/sys_term.c (login_tty): Ioctl TIOCSCTTY
|
|
|
|
should not be used on HP-UX.
|
|
|
|
|
|
|
|
==========================*** Released 0.2? ***=============================
|
|
|
|
|
|
|
|
ksrvutil
|
|
|
|
If there is a dot in the about to be added principals name there is
|
|
|
|
no need to ask for instance name.
|
|
|
|
|
|
|
|
kerberos & kadmind
|
|
|
|
Logfiles are created with small permissions (600).
|
|
|
|
|
|
|
|
krb.conf and krb.realms
|
|
|
|
Use domain part as realm name if there is no match in krb.realms.
|
|
|
|
Use kerberos.REALMNAME if there is no match in krb.realms.
|
|
|
|
|
|
|
|
rlogin
|
|
|
|
The rlogin client is supported both with and without encryption,
|
|
|
|
there is no rlogind yet though.
|
|
|
|
|
|
|
|
login
|
|
|
|
There is login program that supports the -f option. Both kerberos
|
|
|
|
and /etc/passwd authentication is enabled.
|
|
|
|
|
|
|
|
Vendors login programs typically have no -f option (needed by
|
|
|
|
telnetd) and also does not know how to verify passwords againts
|
|
|
|
kerberos.
|
|
|
|
|
|
|
|
appl/bsd/*
|
|
|
|
Now uses POSIX signals.
|
|
|
|
|
|
|
|
kdb_edit, kadmin
|
|
|
|
Generate random passwords if administrator enters empty password.
|
|
|
|
|
|
|
|
lib/kafs
|
|
|
|
New library to support AFS. Routines:
|
|
|
|
int k_hasafs(void);
|
|
|
|
int k_afsklog(...); or some other name
|
|
|
|
int k_setpag(void);
|
|
|
|
int k_unlog(void);
|
|
|
|
int k_pioctl(char *, int, struct ViceIoctl *, int);
|
|
|
|
|
|
|
|
Library supports more than one single entry point AFS syscalls
|
|
|
|
(needed be HP/UX and OSF/1 when running DFS). Doesn't rely on
|
|
|
|
transarc headers or library code. Same binaries can be used both on
|
|
|
|
machines running AFS and others.
|
|
|
|
|
|
|
|
This library is used in telnetd, login and the r* programs.
|
|
|
|
|
|
|
|
telnet & telnetd
|
|
|
|
Based on telnet.95.05.31.NE but with the encryption hacks from
|
|
|
|
ftp.funet.fi:/pub/unix/security/esrasrc-1.0 added. This encryption
|
|
|
|
stuff needed some more modifications (done by joda@nada.kth.se)
|
|
|
|
before it was usable. Telnet has also been modified to use GNU
|
|
|
|
autoconf.
|
|
|
|
|
|
|
|
Numerous other changes that are long since forgotten.
|