krb5-1.6 is released
tlyu at MIT.EDU
Tue Jan 9 21:11:45 EST 2007
The MIT Kerberos Team announces the availability of MIT Kerberos 5
Release 1.6. Please see below for a list of some major changes
included, or consult the README file in the source tree for a more
detailed list of significant changes.

RETRIEVING KERBEROS 5 RELEASE 1.6

You may retrieve the Kerberos 5 Release 1.6 source from the

The homepage for the krb5-1.6 release is:

Further information about Kerberos 5 may be found at the following

* Partial client implementation to handle server name referrals.
* Pre-authentication plug-in framework, donated by Red Hat.
* LDAP KDB plug-in, donated by Novell.
* Fix for MITKRB5-SA-2006-002: the RPC library could call an
  uninitialized function pointer, which created a security
  vulnerability for kadmind.
* Fix for MITKRB5-SA-2006-003: the GSS-API mechglue layer could fail
  to initialize some output pointers, causing callers to attempt to
  free uninitialized pointers. This caused a security vulnerability

Note that the implementation of referral handling involves a change to
the behavior of krb5_sname_to_principal() to return a zero-length
realm name if it is unable to find the realm corresponding to the
hostname. This special realm name signals the ticket-acquisition code
to request KDC canonicalization of service principal names. Other
library code has changed to accommodate this new behavior. This
particular method of implementing service principal name referral
handling may change in the future; we invite discussion on this
kerberos-announce mailing list
kerberos-announce at mit.edu