MIT Kerberos for Windows 2.6 Beta 3 is available
Tom Yu
tlyu at MIT.EDU
Tue Feb 3 14:28:24 EST 2004
The MIT Kerberos for Windows 2.6 Beta 3 release is now available. You
may download its installer from the MIT Kerberos distribution page,
http://web.mit.edu/kerberos/dist/
Separate zip files of the binaries, SDK, and extras are also
available. The main MIT Kerberos web page is
http://web.mit.edu/kerberos/
Changes between Beta 2 and Beta 3:
* The MSLSA: krb5_ccache type was generating potentially incorrect
client principal names in cross-realm environments. An
explanation of the situation has been added to the release notes
along with fixes applied to the code.
* The MSLSA: krb5_ccache type was incorrectly specifying KDC Options
which would have resulted in invalid TGS requests being sent to
the KDC if the Kerberos LSA cache contained a TGT with the
TRANSIT_POLICY_CHECKED ticket flag set.
* The MSLSA: would crash the application if an attempt to read a
ticket from the Kerberos LSA cache failed with an INVALID_LOGON error.
* The MSLSA: krb5_ccache type will no longer allow TGTs to be read
if the Windows Kerberos LSA is configured to refuse to export TGT
Session Keys. Documentation of the registry keys necessary to
enable TGT Session Key exports on Windows 2000 Server SP4, Windows
XP SP2, and Windows 2003 Server has been added to the release notes.
* A new version of the GSS Sample Application client compatible with
the Unix GSS Sample Application server has been added to the
distribution. The new gss.exe supports a new UI. See release
notes for compatibility issues with the Microsoft Platform SDK
version of the gss sample.
* ms2mit has been changed to refuse to import tickets if the Initial
TGT cannot be read from the MSLSA: krb5_ccache.
* The IP Address change detection in Leash will now trigger a Krb4
ticket refresh in order to obtain new tickets with current IP
address information.
* The Leash_importable() API will return FALSE if the Initial TGT
cannot be read from the MSLSA: krb5_ccache.
* Automatic popup of the Obtain Tickets Dialog (kinit) can be
disabled by defining the environment variable:
KERBEROSLOGIN_NEVER_PROMPT.