krb5-1.6-beta2 is available

Tom Yu tlyu at MIT.EDU
Fri Dec 22 18:18:15 EST 2006

Hash: SHA1

MIT krb5-1.6-beta2 is now available for download from

The main MIT Kerberos web page is

Please send comments to the krbdev list in the next two weeks.  Major
changes in krb5-1.6 include:

* Partial client implementation to handle server name referrals.

* Pre-authentication plug-in framework, donated by Red Hat.

* LDAP KDB plug-in, donated by Novell.

Note that the implementation of referral handling involves a change to
the behavior of krb5_sname_to_principal() to return a zero-length
realm name if it is unable to find the realm corresponding to the
hostname.  This special realm name signals the ticket-acquisition code
to request KDC canonicalization of service principal names.  Other
library code has changed to accommodate this new behavior.  This
particular method of implementing service principal name referral
handling may change in the future; we invite discussion on this

Additional changes since krb5-1.6-beta1 are:

+3218    kdb5_util load requires that the dumpfile be writable.
+3642    changes for embedding manifest into dlls and exes
+4327    doc/krb5-protocol out of date
+4453    krb5-1.6-pre: fix warnings/ improve 64bit compatibility in the
+        ldap plugin
+4454    krb5-1.6-pre: kdb5_ldap_util stashsrvpw does not work
+4566    leaks in preauth plugin support
+4567    KDC can crash for certain client requests when preauth plugins
+        are used
+4773    fix warning in preauth_plugin.h header
+4980    Remove unused prototype for krb5_find_config_files
+4981    Make clean in lib/krb5/os does not clean test objs
+4991    fix for kdb5_util load bug with dumps from a LDAP KDB
+4994    minor update to kdb5_util man page for LDAP plugin
+5003    krb5_cc_remove should work for the CCAPI
+5005    Reading maxlife, maxrenewlife and ticket flags from conf file
+        in LDAP plugin
+5009    kadmin.local with LDAP backend fails to start when master key
+        enctype is not default enctype
+5022    build the trunk on Windows (again)
+5027    admin guide changes for the LDAP backend
+5032    Don't leak padata when looping for krb5_do_preauth_tryagain()
+5090    krb5_get_init_creds_opt_set_change_password_prompt
+5115    krb5_rc_io_open_internal on error will call close(-1)
+5116    minor ldap specific changes in man page
+5121    keytab code can't match principals with realms not yet determined
+5123    don't pass null pointer to krb5_do_preauth_tryagain()
+5124    use KRB5KRB_ERR_GENERIC, not KRB_ERR_GENERIC in preauth2.c
+5125    Add -clearpolicy to kadmin addprinc usage
+5152    misc cleanups in admin guide ldap sections
+5159    don't split HTML output from makeinfo

For a more complete list of changes in krb5-1.6, please consult
Version: GnuPG v1.4.6 (SunOS)


More information about the krbdev mailing list