Kerberos for Windows release 4.0.1 is now available
tlyu at MIT.EDU
Fri Dec 7 15:32:43 EST 2012
-----BEGIN PGP SIGNED MESSAGE-----
The MIT Kerberos Team is happy to announce the availability of the
kfw-4.0.1 release. The KfW 4.0 series of releases is based on the MIT
krb5 1.10 series of releases, greatly modernizing the support relative
to the KfW 3.2 series, which was based on the MIT krb5 1.6 series.
KfW 4.0 is distributed only as a Windows Installer MSI file, with both
64-bit and 32-bit installers available. The MSI installer has been
digitally signed by MIT.
KfW is supported on Windows XP (SP3 required), Windows Vista (SP2
required), Windows 7, Windows 8, Windows Server 2003, and Windows
Retrieving Kerberos for Windows release 4.0.1
You may retrieve the kfw-4.0.1 installers from the following URL:
The homepage for the kfw-4.0.1 release is:
Further information about MIT Kerberos software may be found at the
and at the MIT Kerberos Consortium web site:
The Data Encryption Standard (DES) is widely recognized as weak. Just
as the Unix krb5 releases have had measures to encourage sites to
migrate away from single-DES cryptosystems since the krb5 1.7 release,
KfW 4.0 has a configuration variable that enables "weak" enctypes,
defaulting to "false".
Major changes in 4.0.1
* The ribbon toolbar is now configured with Access Keys. Tapping 'alt'
brings up a set of context menus which may be navigated to activate
the ribbon controls.
Major changes in 4.0.0
* Only the WiX-based MSI installer is supported. NSIS installers are
* The build system and build environment has been updated. The
procedure for setting up a build environment is documented.
* The kerbsrc.win target is no longer supported. With the exception of
perl, Microsoft provides a sufficient toolkit of Unix-like utilities
to build the source tree natively.
* The 64-bit installer includes 32-bit libraries for use by 32-bit
* A new MIT Kerberos Ticket Manager application to replace the Network
Identity Manager (NIM). The Ticket Manager uses the Microsoft ribbon
* KfW has a new logo, a stylized 'K'.
* The krb5.ini configuration file is no longer installed in
C:\Windows. Instead, it is installed in CSIDL_COMMON_APPDATA, which
is C:\ProgramData\MIT\Kerberos5 on systems newer than Windows XP,
where this location translates to C:\Documents and Settings\All
Users\Application Data. When upgrading from previous KfW releases,
existing krb5.ini files will be renamed to krb5-ini-pre-kfw4.
* The default krb5.ini file is an empty file; DNS SRV records are used
by default to locate KDCs for a given realm.
* The installer is digitally signed by MIT.
* The default credentials cache uses CCAPI version 3.
* Autocompletion and history for principal/realm names.
* Configurable ability to destroy tickets on exit.
* Integration with the Windows LSA credentials cache.
* AFS support is not available in this release.
* The Close button from the system menu has no effect. Use the 'x' in
the upper right corner to minimize, or the Exit option from the
Application menu to close.
* There is no confirmation dialog after a successful password change.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (SunOS)
-----END PGP SIGNATURE-----
kerberos-announce mailing list
kerberos-announce at mit.edu
More information about the krbdev