krb5-1.6 is released

Tom Yu tlyu at MIT.EDU
Tue Jan 9 21:11:45 EST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The MIT Kerberos Team announces the availability of MIT Kerberos 5
Release 1.6.  Please see below for a list of some major changes
included, or consult the README file in the source tree for a more
detailed list of significant changes.

RETRIEVING KERBEROS 5 RELEASE 1.6
=================================

You may retrieve the Kerberos 5 Release 1.6 source from the
following URL:

        http://web.mit.edu/kerberos/dist/

The homepage for the krb5-1.6 release is:

        http://web.mit.edu/kerberos/krb5-1.6/

Further information about Kerberos 5 may be found at the following
URL:

        http://web.mit.edu/kerberos/

MAJOR CHANGES
=============

* Partial client implementation to handle server name referrals.

* Pre-authentication plug-in framework, donated by Red Hat.

* LDAP KDB plug-in, donated by Novell.

* Fix for MITKRB5-SA-2006-002: the RPC library could call an
  uninitialized function pointer, which created a security
  vulnerability for kadmind.

* Fix for MITKRB5-SA-2006-003: the GSS-API mechglue layer could fail
  to initialize some output pointers, causing callers to attempt to
  free uninitialized pointers.  This caused a security vulnerability
  in kadmind.

Note that the implementation of referral handling involves a change to
the behavior of krb5_sname_to_principal() to return a zero-length
realm name if it is unable to find the realm corresponding to the
hostname.  This special realm name signals the ticket-acquisition code
to request KDC canonicalization of service principal names.  Other
library code has changed to accommodate this new behavior.  This
particular method of implementing service principal name referral
handling may change in the future; we invite discussion on this
subject.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (SunOS)

iQCVAwUBRaRLZabDgE/zdoE9AQKt3AP/a8lm1ueqdnyZRmnGPfOy3nMOuUoDFe3l
ZTYskV8J2zuQCjrUWPncGmihxJ9bx+4SKJyY7R2WcXC0Jq0Bk6/XuPNwsFDaRLJy
BFQw8VVPDhUeh39lluVj2ltZawwbM14J/2anpNNO/Xf9QEl8od7a442AOwivn6iM
KeueI9DMvYo=
=1bMh
-----END PGP SIGNATURE-----


