Kerberos Version 5, Release 1.4.2
Release Notes
The MIT Kerberos Team
Unpacking the Source Distribution
---------------------------------
The source distribution of Kerberos 5 comes in a tarfile,
krb5-1.4.2-signed.tar. The tarfile contains a gzipped tarfile,
krb5-1.4.2.tar.gz, and its corresponding PGP signature,
krb5-1.4.2.tar.gz.asc.
You will need the GNU gzip program, and preferably, the GNU tar
program, to extract the source distribution.
The distribution will extract into a subdirectory "krb5-1.4.2" of the
current directory.
Building and Installing Kerberos 5
----------------------------------
The first file you should look at is doc/install-guide.ps; it contains
the notes for building and installing Kerberos 5. The info file
krb5-install.info has the same information in info file format. You
can view this using the GNU emacs info-mode, or by using the
standalone info file viewer from the Free Software Foundation. This
is also available as an HTML file, install.html.
Other good files to look at are admin-guide.ps and user-guide.ps,
which contain the system administrator's guide, and the user's guide,
respectively. They are also available as info files
kerberos-admin.info and krb5-user.info, respectively. These files are
also available as HTML files.
If you are attempting to build under Windows, please see the
src/windows/README file.
Reporting Bugs
--------------
Please report any problems/bugs/comments using the krb5-send-pr
program. The krb5-send-pr program will be installed in the sbin
directory once you have successfully compiled and installed Kerberos
V5 (or if you have installed one of our binary distributions).
If you are not able to use krb5-send-pr because you haven't been able
compile and install Kerberos V5 on any platform, you may send mail to
krb5-bugs@mit.edu.
You may view bug reports by visiting
http://krbdev.mit.edu/rt/
and logging in as "guest" with password "guest".
Important notice regarding Kerberos 4 support
---------------------------------------------
In the past few years, several developments have shown the inadequacy
of the security of version 4 of the Kerberos protocol. These
developments have led the MIT Kerberos Team to begin the process of
ending support for version 4 of the Kerberos protocol. The plan
involves the eventual removal of Kerberos 4 support from the MIT
implementation of Kerberos.
The Data Encryption Standard (DES) has reached the end of its useful
life. DES is the only encryption algorithm supported by Kerberos 4,
and the increasingly obvious inadequacy of DES motivates the
retirement of the Kerberos 4 protocol. The National Institute of
Standards and Technology (NIST), which had previously certified DES as
a US government encryption standard, has officially announced[1] the
withdrawal of the Federal Information Processing Standards (FIPS) for
DES.
NIST's action reflects the long-held opinion of the cryptographic
community that DES has too small a key space to be secure. Breaking
DES encryption by an exhaustive search of its key space is within the
means of some individuals, many companies, and all major governments.
Consequently, DES cannot be considered secure for any long-term keys,
particularly the ticket-granting key that is central to Kerberos.
Serious protocol flaws[2] have been found in Kerberos 4. These flaws
permit attacks which require far less effort than an exhaustive search
of the DES key space. These flaws make Kerberos 4 cross-realm
authentication an unacceptable security risk and raise serious
questions about the security of the entire Kerberos 4 protocol.
The known insecurity of DES, combined with the recently discovered
protocol flaws, make it extremely inadvisable to rely on the security
of version 4 of the Kerberos protocol. These factors motivate the MIT
Kerberos Team to remove support for Kerberos version 4 from the MIT
implementation of Kerberos.
The process of ending Kerberos 4 support began with release 1.3 of MIT
Kerberos 5. In release 1.3, the default run-time configuration of the
KDC disables support for version 4 of the Kerberos protocol. Release
1.4 of MIT Kerberos continues to include Kerberos 4 support (also
disabled in the KDC with the default run-time configuration), but we
intend to completely remove Kerberos 4 support from some future
release of MIT Kerberos, possibly as early as the 1.5 release of MIT
Kerberos.
The MIT Kerberos Team has ended active development of Kerberos 4,
except for the eventual removal of all Kerberos 4 functionality. We
will continue to provide critical security fixes for Kerberos 4, but
routine bug fixes and feature enhancements are at an end.
We recommend that any sites which have not already done so begin a
migration to Kerberos 5. Kerberos 5 provides significant advantages
over Kerberos 4, including support for strong encryption,
extensibility, improved cross-vendor interoperability, and ongoing
development and enhancement.
If you have questions or issues regarding migration to Kerberos 5, we
recommend discussing them on the kerberos@mit.edu mailing list.
References
[1] National Institute of Standards and Technology. Announcing
Approval of the Withdrawal of Federal Information Processing
Standard (FIPS) 43-3, Data Encryption Standard (DES); FIPS 74,
Guidelines for Implementing and Using the NBS Data Encryption
Standard; and FIPS 81, DES Modes of Operation. Federal Register
05-9945, 70 FR 28907-28908, 19 May 2005. DOCID:fr19my05-45
[2] Tom Yu, Sam Hartman, and Ken Raeburn. The Perils of
Unauthenticated Encryption: Kerberos Version 4. In Proceedings of
the Network and Distributed Systems Security Symposium. The
Internet Society, February 2004.
http://web.mit.edu/tlyu/papers/krb4peril-ndss04.pdf
----------------------------------------------------------------------
Major changes in 1.4.2
----------------------
* [3120] Fix [MITKRB5-SA-2005-002] KDC double-free and heap overflow.
Thanks to Daniel Wachdorf for reporting these vulnerabilities.
* [3121] Fix [MITKRB5-SA-2005-003] krb5_recvauth() double-free.
Thanks to Magnus Hagander for reporting this vulnerability.
Minor changes in 1.4.2
----------------------
* [2902] Work around broken res_ninit() in AIX 5.
* [2980] Fix a Windows deadlock condition when unloading krb5_32.dll.
* [2982] Provide some support for pre-POSIX versions of getpwnam_r()
and getpwuid_r().
* [3029] krb5_get_credentials() avoids passing errors from
krb5_cc_store_cred().
* [3042] Fix build failure on 64-bit Solaris/SPARC.
* [3060] Work around excess stack consumption caused by large default
FD_SETSIZE in AIX.
* [3083] Avoid using "faked" telnet service when calling
getaddrinfo().
* [3084] Provide better support for conditional pthread support.
* [3098] The file-based ccache code no longer spuriously retains a
lock.
Major changes in 1.4.1
----------------------
* [2913] The kadmin client library now performs authentication flavor
fallback in a useful way when attempting to contact a pre-1.4 kadmin
daemon.
* [2988] Fix telnet client buffer overflow vulnerabilities.
[MITKRB5-SA-2005-001]
Minor changes in 1.4.1
----------------------
Please see
http://krbdev.mit.edu/rt/NoAuth/krb5-1.4/fixed-1.4.1.html
for a complete list.
* [2888] On Windows, restore library state to uninitialized when library
is unloaded.
* [2906] Map ns_rr_class to ns_rr_cl for some versions of BIND.
* [2916] Perform some cleanup on library unload to avoid leaks.
* [2918] krb5_get_init_creds_password() now correctly handles an empty
string passed in as a password argument.
* [2924] gss_mech_xxx symbols are now exported on Windows.
* [2942] Fix null pointer deref possible in threaded program calls to
profile library.
* [2949] The delta-time parser no longer conflicts with some symbols
in HP-UX header files.
* [2950] Deleted profile nodes are now correctly skipped by the
iterator.
* [2953] Handle variant gmtime_r() on HP-UX 10.
* [2955] Conditionalize the use of reverse DNS lookups in
krb5_sname_to_principal().
* [2960] gssapi.h no longer leaks preprocessor symbols.
* [2961] Fix some missing build dependencies in util/ss.
* [2962] Fix case of @MAINT@ substitution breaking Windows build.
* [2963] On windows, fix dangerous 64-bit time_t * to long *
conversions.
* [2964] Fix invalid return value from krb5_c_is_keyed_cksum() during
error conditions.
* [2971] thread_termination now correctly frees thread-specific data.
* [2974] krb5_get_init_creds_keytab() no longer produces spurious
KRB5_REALM_UNKNOWN errors when a master KDC is not listed in the
configuration.
* [2975] Fix missing semicolon in x-deltat.y which was causing some
versions of Bison to produce un-compilable C files.
* [2981] Restores some shared library support for HP-UX 10.
* [2992] Fix some Makefile quoting problems which were preventing
gssapi_krb5.h from being created on AIX 5.
* [3000] Cast null pointer arguments to variadic functions, which is
necessary on some 64-bit platforms.
Major changes in 1.4
--------------------
* [841] Merged Athena telnetd changes for creating a new option for
requiring encryption.
* [1349, 2578, 2601, 2606, 2613, 2743, 2775, 2778, 2877] Add
implementation of the RPCSEC_GSS authentication flavor to the RPC
library. Thanks to Kevin Coffman and the CITI group at the
University of Michigan.
* [2061] The kadmind4 backwards-compatibility admin server and the
v5passwdd backwards-compatibility password-changing server have been
removed.
* [1303, 2740, 2755, 2781, 2782, 2812, 2858, 2859, 2874, 2875, 2878,
2879, 2884, 2893] Thread safety for krb5 libraries.
* [2410] Yarrow code now uses AES.
* [2678, 2802] New client commands kcpytkt and kdeltkt for Windows.
* [2688] New command mit2ms on Windows.
* [2762] Merged Athena changes to allow ftpd to require encrypted
passwords.
* [2587] Incorporate gss_krb5_set_allowable_enctypes() and
gss_krb5_export_lucid_sec_context(), which are needed for NFSv4,
from Kevin Coffman.
* [2841] Fix heap buffer overflow in password history
mechanism. [MITKRB5-SA-2004-004]
Minor changes in 1.4
--------------------
Please see
http://krbdev.mit.edu/rt/NoAuth/krb5-1.4/fixed-1.4.html
for a complete list.
* [249] Install example config files.
* [427] PATH environment variable won't be overwritten by login.krb5
if already set.
* [696] Sample KDC propagation script fixed.
* [868] Fixed search for res_search() and friends.
* [927] Compilation on Tru64 now detects GNU linker and chooses
whether to use -oldstyle_liblookup accordingly.
* [1044] port-sockets.h explicitly declares h_errno if the declaration
is missing.
* [1210] KDC cleans up some per-listener state upon process
termination to avoid spurious memory leak indications.
* [1335] The server side of the Horowitz password-change protocol now
checks for minimum password life.
* [1345, 2730, 2757] patchlevel.h is now the master version file.
* [1364] GNU sed is no longer required to make depend on Irix.
* [1383] SRV record support now handles "." target and adds trailing
dots to avoid spurious multiple hostname queries.
* [1497] A memory leak in the krb5 context serializer has been fixed.
* [1570] Some team procedures now documented.
* [1588] Automatic rebuilding of configure scripts, etc. are only done
if --enable-maintainer-mode is passed to configure.
* [1623] Memory management in the ftp client has been cleaned up.
* [1724] DNS SRV record lookup support is unconditionally built on
Unix.
* [1791] Replacement for daemon() is compiled separately each time it
is needed, rather than ending up in the krb5 library.
* [1806] Default to building shared libraries on most platforms that
support them.
* [1847] Fixed daemon() replacement to build on Tru64.
* [1850] Fixed some 0 vs NULL issues.
* [2066] AES-only configuration now tested in test suite.
* [2219] Fixed memory leak in KDC preauth handling.
* [2256] Use $(CC) rather than ld to build shared libs on Tru64 and
Irix.
* [2276] Support for the non-standard enctype
ENCTYPE_LOCAL_DES3_HMAC_SHA1 has been removed.
* [2285] Test suite checks TCP access to KDC.
* [2295] Minor stylistic cleanup in gss-client.
* [2296, 2370, 2424] krb5_get_init_creds() APIs avoid multiple queries
to master KDC.
* [2379] Remove _XOPEN_EXTENDED hack previously used for HP-UX.
* [2432] Only sanity-check setutent() API if utmpx.h is not present,
as this was preventing recent NetBSD from configuring.
* [2525] kvno.exe installed on Windows.
* [2529] Fix some internal type inconsistencies in gssapi library.
* [2530] Fix KRB5_CALLCONV usage in krb5_cc_resolve().
* [2537] Apply fix from John Hascall to make krb5_get_in_tkt()
emulation actually honor the lifetimes in the input credentials.
* [2539] Create manpage for krb524d.
* [2573] The rcache code no longer attempts to close a negative file
descriptor from a failed open.
* [2591] The gssapi library now requires that the initiator's channel
bindings match those provided by the acceptor, if the acceptor
provides them at all.
* [2592] Fix some HP-UX 11 compilation issues.
* [2598] Fix some HP-UX 11 foreachaddr() issues.
* [2600] gss_accept_sec_context() no longer leaks rcaches.
* [2603] Clean up some issues relating to use of reserved namespace in
k5-platform.h.
* [2614] Rewrite handling of whitespace in profile library to better
handle whitespace around tag names.
* [2629] Fix double-negation of a preprocessor test in osconf.h.
* [2637] krb5int_zap_data() uses SecureZeroMemory on Windows instead
of memset().
* [2654] krb5_get_init_creds() checks for overflow/underflow on 32-bit
timestamps.
* [2655] krb5_get_init_creds() no longer issues requests where the
renew_until time precedes the expiration time.
* [2656] krb5_get_init_creds() supports ticket_lifetime libdefault.
* [2657] Default ccache name is evaluated more lazily.
* [2661] Handle return of ai_canonname=NULL from getaddrinfo().
* [2665] Fix leak in cc_resolve, reported by Paul Moore.
* [2674] libkadm5 acl_init() API renamed to avoid conflict with MacOS
X acl API.
* [2684, 2710, 2728] Use BIND 8 parsing API when available.
* [2685] The profile library iterators no longer get confused when
modifications are made to the in-memory profile.
* [2694] The krb5-config script now has a manpage.
* [2704] New ccache API flag to request only information, not actual
credentials.
* [2705] Support for upcoming read/write MSLSA ccache.
* [2706] resolv.h is included when searching for res_search() and
friends, to account for symbol renaming.
* [2715] The install-strip make target no longer attempts to strip
scripts.
* [2718] Fix memory leak in arcfour string_to_key. Reported by
Derrick Schommer.
* [2719] Fix memory leak in rd_cred.c. Reported by Derrick Schommer.
* [2725] Fix memory leak in mk_req_extended(). Reported by Derrick
Schommer.
* [2729] Add some new version strings for Windows.
* [2734] The ticket_lifetime libdefault now uses units of seconds by
default, if no units are provided.
* [2741] The profile library's error tables aren't loaded on MacOS X.
* [2750] Calls to the profile library which set values no longer fail
if the file is not writable.
* [2751] The profile library has a new API to detect whether the
default profile is writable.
* [2753] An initial C implementation of CCAPI has been done.
* [2754] fake-addrinfo.h includes errno.h earlier.
* [2756] The profile library calls stat() less frequently on files.
* [2760, 2780] The keytab implementation checks for cases where
fopen() can return NULL without setting errno. Reported by Roland
Dowdeswell.
* [2770] com_err now creates valid prototypes for generated files.
Reported by Jeremy Allison.
* [2772, 2797] The krb4 library now honors the dns_fallback libdefault
setting.
* [2776, 2779] Solaris patches exist for the pty-close race condition
bug. We check for these patches now checked, and don't apply the
priocntl hack if they are present.
* [2783] ftpcmds.y unconditionally defines NBBY to 8.
* [2793] locate_kdc.c can compile if KRB5_DNS_LOOKUP isn't defined,
though we removed the configure-time option for this.
* [2795] Fixed some addrinfo problems that affected Irix.
* [2796, 2840] Calling conventions for some API functions for Windows
have been fixed.
* [2805] Windows NSIS installer script updated.
* [2808] Support library renamed on Windows.
* [2815] krb5-config updated to reference new support library.
* [2814, 2816] Some MSLSA ccache features depending on non-public SDK
features were backed out.
* [2818] Don't create empty array for addresses in MSLSA ccache.
* [2832] Fix shared library build on sparc64-netbsd.
* [2833, 2834, 2835] Add support for generating/installing debugging
symbols on Windows.
* [2838] Fix termination of incorrect string in telnetd.
* [2854] Fix memory leak in ccache.
* [2857] Fix memory leak in asn1_decode_generaltime().
* [2861] Minor documenation fixes.
* [2864] Fix IPv6 support on Windows.
* [2865] New API function krb5_is_thread_safe() to test for thread
safety.
* [2870, 2881] Fix crash in MSLSA ccache.
* [2871] Handle read() returning -1 in prng.c.
* [2872] Fix memory leak in DNS lookup code.
* [2887] Fix null pointer dereference in krb5_unparse_name().
* [2892] Fix some gcc-4.0 compatibility problems.
* [2891] lib/kdb/keytab.c no longer accesses an uninitialized variable.
Copyright Notice and Legal Administrivia
----------------------------------------
Copyright (C) 1985-2005 by the Massachusetts Institute of Technology.
All rights reserved.
Export of this software from the United States of America may require
a specific license from the United States Government. It is the
responsibility of any person or organization contemplating export to
obtain such a license before exporting.
WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
distribute this software and its documentation for any purpose and
without fee is hereby granted, provided that the above copyright
notice appear in all copies and that both that copyright notice and
this permission notice appear in supporting documentation, and that
the name of M.I.T. not be used in advertising or publicity pertaining
to distribution of the software without specific, written prior
permission. Furthermore if you modify this software you must label
your software as modified software and not distribute it in such a
fashion that it might be confused with the original MIT software.
M.I.T. makes no representations about the suitability of this software
for any purpose. It is provided "as is" without express or implied
warranty.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
Individual source code files are copyright MIT, Cygnus Support,
OpenVision, Oracle, Sun Soft, FundsXpress, and others.
Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
and Zephyr are trademarks of the Massachusetts Institute of Technology
(MIT). No commercial use of these trademarks may be made without
prior written permission of MIT.
"Commercial use" means use of a name in a product or other for-profit
manner. It does NOT prevent a commercial firm from referring to the
MIT trademarks in order to convey information (although in doing so,
recognition of their trademark status should be given).
----
The following copyright and permission notice applies to the
OpenVision Kerberos Administration system located in kadmin/create,
kadmin/dbutil, kadmin/passwd, kadmin/server, lib/kadm5, and portions
of lib/rpc:
Copyright, OpenVision Technologies, Inc., 1996, All Rights Reserved
WARNING: Retrieving the OpenVision Kerberos Administration system
source code, as described below, indicates your acceptance of the
following terms. If you do not agree to the following terms, do not
retrieve the OpenVision Kerberos administration system.
You may freely use and distribute the Source Code and Object Code
compiled from it, with or without modification, but this Source
Code is provided to you "AS IS" EXCLUSIVE OF ANY WARRANTY,
INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE, OR ANY OTHER WARRANTY, WHETHER
EXPRESS OR IMPLIED. IN NO EVENT WILL OPENVISION HAVE ANY LIABILITY
FOR ANY LOST PROFITS, LOSS OF DATA OR COSTS OF PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR
CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, INCLUDING,
WITHOUT LIMITATION, THOSE RESULTING FROM THE USE OF THE SOURCE
CODE, OR THE FAILURE OF THE SOURCE CODE TO PERFORM, OR FOR ANY
OTHER REASON.
OpenVision retains all copyrights in the donated Source Code. OpenVision
also retains copyright to derivative works of the Source Code, whether
created by OpenVision or by a third party. The OpenVision copyright
notice must be preserved if derivative works are made based on the
donated Source Code.
OpenVision Technologies, Inc. has donated this Kerberos
Administration system to MIT for inclusion in the standard
Kerberos 5 distribution. This donation underscores our
commitment to continuing Kerberos technology development
and our gratitude for the valuable work which has been
performed by MIT and the Kerberos community.
----
Portions contributed by Matt Crawford <crawdad@fnal.gov> were
work performed at Fermi National Accelerator Laboratory, which is
operated by Universities Research Association, Inc., under
contract DE-AC02-76CHO3000 with the U.S. Department of Energy.
---- The implementation of the Yarrow pseudo-random number generator
in src/lib/crypto/yarrow has the following copyright:
Copyright 2000 by Zero-Knowledge Systems, Inc.
Permission to use, copy, modify, distribute, and sell this software
and its documentation for any purpose is hereby granted without fee,
provided that the above copyright notice appear in all copies and that
both that copyright notice and this permission notice appear in
supporting documentation, and that the name of Zero-Knowledge Systems,
Inc. not be used in advertising or publicity pertaining to
distribution of the software without specific, written prior
permission. Zero-Knowledge Systems, Inc. makes no representations
about the suitability of this software for any purpose. It is
provided "as is" without express or implied warranty.
ZERO-KNOWLEDGE SYSTEMS, INC. DISCLAIMS ALL WARRANTIES WITH REGARD TO
THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS, IN NO EVENT SHALL ZERO-KNOWLEDGE SYSTEMS, INC. BE LIABLE FOR
ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTUOUS ACTION, ARISING OUT
OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
---- The implementation of the AES encryption algorithm in
src/lib/crypto/aes has the following copyright:
Copyright (c) 2001, Dr Brian Gladman <brg@gladman.uk.net>, Worcester, UK.
All rights reserved.
LICENSE TERMS
The free distribution and use of this software in both source and binary
form is allowed (with or without changes) provided that:
1. distributions of this source code include the above copyright
notice, this list of conditions and the following disclaimer;
2. distributions in binary form include the above copyright
notice, this list of conditions and the following disclaimer
in the documentation and/or other associated materials;
3. the copyright holder's name is not used to endorse products
built using this software without specific written permission.
DISCLAIMER
This software is provided 'as is' with no explcit or implied warranties
in respect of any properties, including, but not limited to, correctness
and fitness for purpose.
---- The implementation of the RPCSEC_GSS authentication flavor in
src/lib/rpc has the following copyright:
Copyright (c) 2000 The Regents of the University of Michigan.
All rights reserved.
Copyright (c) 2000 Dug Song <dugsong@UMICH.EDU>.
All rights reserved, all wrongs reversed.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. Neither the name of the University nor the names of its
contributors may be used to endorse or promote products derived
from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Acknowledgments
---------------
Appreciation Time!!!! There are far too many people to try to thank
them all; many people have contributed to the development of Kerberos
V5. This is only a partial listing....
Thanks to Kevin Coffman and the CITI group at the University of
Michigan for providing patches for implementing RPCSEC_GSS
authentication in the RPC library.
Thanks to Derrick Schommer for reporting multiple memory leaks.
Thanks to Quanah Gibson-Mount of Stanford University for helping
exercise the thread support code.
Thanks to Michael Tautschnig for reporting the heap buffer overflow in
the password history mechanism. [MITKRB5-SA-2004-004]
Thanks to Wyllys Ingersoll for finding a buffer-size problem in the
RPCSEC_GSS implementation.
Thanks to iDEFENSE for bringing to our attention the vulnerabilities
in the telnet client. [MITKRB5-SA-2005-001]
Thanks to the members of the Kerberos V5 development team at MIT, both
past and present: Danilo Almeida, Jeffrey Altman, Jay Berkenbilt,
Richard Basch, Mitch Berger, John Carr, Don Davis, Alexandra Ellwood,
Nancy Gilman, Matt Hancher, Sam Hartman, Paul Hill, Marc Horowitz, Eva
Jacobus, Miroslav Jurisic, Barry Jaspan, Geoffrey King, John Kohl,
Peter Litwack, Scott McGuire, Kevin Mitchell, Cliff Neuman, Paul Park,
Ezra Peisach, Chris Provenzano, Ken Raeburn, Jon Rochlis, Jeff
Schiller, Jen Selby, Brad Thompson, Harry Tsai, Ted Ts'o, Marshall
Vale, Tom Yu.
Very special thanks go to Marshall Vale, our departing team leader.
Over the past few years, Marshall has been extremely valuable to us as
mentor, advisor, manager, and friend. Marshall's devotion as a
champion of Kerberos has helped our team immensely through many trials
and hardships. We will miss him tremendously, and we wish him the
best in his future endeavors.
