Kerberos for Windows release 4.0.1 is now available

Tom Yu tlyu at MIT.EDU
Fri Dec 7 15:32:43 EST 2012

Hash: SHA1

The MIT Kerberos Team is happy to announce the availability of the
kfw-4.0.1 release. The KfW 4.0 series of releases is based on the MIT
krb5 1.10 series of releases, greatly modernizing the support relative
to the KfW 3.2 series, which was based on the MIT krb5 1.6 series.

KfW 4.0 is distributed only as a Windows Installer MSI file, with both
64-bit and 32-bit installers available. The MSI installer has been
digitally signed by MIT.

KfW is supported on Windows XP (SP3 required), Windows Vista (SP2
required), Windows 7, Windows 8, Windows Server 2003, and Windows
Server 2008.

Retrieving Kerberos for Windows release 4.0.1

You may retrieve the kfw-4.0.1 installers from the following URL:

The homepage for the kfw-4.0.1 release is:

Further information about MIT Kerberos software may be found at the
following URL:

and at the MIT Kerberos Consortium web site:

DES transition

The Data Encryption Standard (DES) is widely recognized as weak. Just
as the Unix krb5 releases have had measures to encourage sites to
migrate away from single-DES cryptosystems since the krb5 1.7 release,
KfW 4.0 has a configuration variable that enables "weak" enctypes,
defaulting to "false".

Major changes in 4.0.1

End-User experience:

* The ribbon toolbar is now configured with Access Keys. Tapping 'alt'
  brings up a set of context menus which may be navigated to activate
  the ribbon controls.

Major changes in 4.0.0

Developer experience:

* Only the WiX-based MSI installer is supported. NSIS installers are
  not functional.

* The build system and build environment has been updated. The
  procedure for setting up a build environment is documented.

* The target is no longer supported. With the exception of
  perl, Microsoft provides a sufficient toolkit of Unix-like utilities
  to build the source tree natively.

End-user experience:

* The 64-bit installer includes 32-bit libraries for use by 32-bit

* A new MIT Kerberos Ticket Manager application to replace the Network
Identity Manager (NIM). The Ticket Manager uses the Microsoft ribbon
interface system.

* KfW has a new logo, a stylized 'K'.

* The krb5.ini configuration file is no longer installed in
  C:\Windows. Instead, it is installed in CSIDL_COMMON_APPDATA, which
  is C:\ProgramData\MIT\Kerberos5 on systems newer than Windows XP,
  where this location translates to C:\Documents and Settings\All
  Users\Application Data. When upgrading from previous KfW releases,
  existing krb5.ini files will be renamed to krb5-ini-pre-kfw4.

* The default krb5.ini file is an empty file; DNS SRV records are used
  by default to locate KDCs for a given realm.

* The installer is digitally signed by MIT.

* The default credentials cache uses CCAPI version 3.

* Autocompletion and history for principal/realm names.

* Configurable ability to destroy tickets on exit.

* Integration with the Windows LSA credentials cache.

* AFS support is not available in this release.

Known Bugs

* The Close button from the system menu has no effect. Use the 'x' in
  the upper right corner to minimize, or the Exit option from the
  Application menu to close.

* There is no confirmation dialog after a successful password change.
Version: GnuPG v1.4.8 (SunOS)

kerberos-announce mailing list
kerberos-announce at

More information about the krbdev mailing list