svn rev #21852: trunk/ src/

tlyu@MIT.EDU tlyu at MIT.EDU
Fri Jan 30 23:00:11 EST 2009 

http://src.mit.edu/fisheye/changelog/krb5/?cs=21852
Commit By: tlyu
Log Message:
README and patchlevel.h for 1.7 release branch


Changed Files:
U   trunk/README
U   trunk/src/patchlevel.h
Modified: trunk/README
===================================================================
--- trunk/README	2009-01-31 03:57:20 UTC (rev 21851)
+++ trunk/README	2009-01-31 04:00:10 UTC (rev 21852)
@@ -59,13 +59,35 @@
 
 and logging in as "guest" with password "guest".
 
+DES transition
+--------------
+
+The Data Encryption Standard (DES) is widely recognized as weak.  The
+krb5-1.7 release will contain measures to encourage sites to migrate
+away from using single-DES cryptosystems.  Among these is a
+configuration variable that enables "weak" enctypes, but will default
+to "false" in the future.  Depending on the outcome of ongoing
+discussion on krbdev at mit.edu, this default could change prior to the
+final release of krb5-1.7.
+
+Additional measures to ease the transition away from DES are planned
+for the final krb5-1.7 release.
+
 Major changes in 1.7
 --------------------
 
 * Remove support for version 4 of the Kerberos protocol (krb4).
 
-* Client library now follows client principal referrals.
+* New libdefaults configuration variable "allow_weak_crypto".  NOTE:
+  Currently defaults to "false", but may default to "true" in a future
+  release.  Setting this variable to "false" will have the effect of
+  removing weak enctypes (currently defined to be all single-DES
+  enctypes) from permitted_enctypes, default_tkt_enctypes, and
+  default_tgs_enctypes.
 
+* Client library now follows client principal referrals, for
+  compatibility with Windows.
+
 * KDC can issue realm referrals for service principals based on domain
   names.
 
@@ -80,6 +102,11 @@
 * DCE RPC, including three-leg GSS context setup and unencapsulated
   GSS tokens.
 
+* NTLM recognition support in GSS-API, to facilitate dropping in an
+  NTLM implementation.
+
+* KDC support for principal aliases, if the back end supports them.
+
 * Microsoft set/change password (RFC 3244) protocol in kadmind.
 
 * Master key rollover support.

Modified: trunk/src/patchlevel.h
===================================================================
--- trunk/src/patchlevel.h	2009-01-31 03:57:20 UTC (rev 21851)
+++ trunk/src/patchlevel.h	2009-01-31 04:00:10 UTC (rev 21852)
@@ -55,4 +55,4 @@
 #define KRB5_PATCHLEVEL 0
 #define KRB5_RELTAIL "prerelease"
 /* #undef KRB5_RELDATE */
-#define KRB5_RELTAG "trunk"
+#define KRB5_RELTAG "branches/krb5-1-7"

More information about the cvs-krb5 mailing list