krb5-1.13-beta1 is available

Tom Yu tlyu at mit.edu
Fri Sep 26 18:24:01 EDT 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MIT krb5-1.13-beta1 is now available for download from

         http://web.mit.edu/kerberos/dist/testing.html

The main MIT Kerberos web page is

         http://web.mit.edu/kerberos/

Please send comments to the krbdev list.  The final release will
probably occur in mid-December.  The README file contains a more
extensive list of changes.

Major changes in 1.13
=====================
Additional background information on these changes may be found at

    http://k5wiki.kerberos.org/wiki/Release_1.13

and

    http://k5wiki.kerberos.org/wiki/Category:Release_1.13_projects

Administrator experience:

* Add support for accessing KDCs via an HTTPS proxy server using the
  MS-KKDCP protocol.

* Add support for hierarchical incremental propagation, where slaves
  can act as intermediates between an upstream master and other
  downstream slaves.

* Add support for configuring GSS mechanisms using
  /etc/gss/mech.d/*.conf files in addition to /etc/gss/mech.

* Add support to the LDAP KDB module for binding to the LDAP server using SASL.

* The KDC listens for TCP connections by default.

* Fix a minor key disclosure vulnerability where using the "keepold"
  option to the kadmin randkey operation could return the old keys.
  [CVE-2014-5351]

User experience:

* Add client support for the Kerberos Cache Manager protocol. If the
  host is running a Heimdal kcm daemon, caches served by the daemon
  can be accessed with the KCM: cache type.

* When built on OS X 10.7 and higher, use "KCM:" as the default cache
  type, unless overridden by command-line options or krb5-config
  values.

Performance:

* Add support for doing unlocked database dumps for the DB2 KDC back
  end, which would allow the KDC and kadmind to continue accessing the
  database during lengthy database dumps.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEVAwUBVCXngRUCTNN0nXiJAQLvuggAlOnV52ArE8Rhcfku81rCBUIFCMLBhqNt
IDdSb7Kq0yJII0s3CJ2qnd6M1Oe+VlkNRUPQkrHcT/kdOUBUKn0mdNLwj16NtZ/b
x7CoSsqlljyM6t5qnDs/ZdddhWO0GQ7YFcMioSW/Ro5cpbv38+2e389Kbejl1fu1
JdFTU6JersAxa1PwJwD8riWTBAKhVTRiiW1HI5uvm6nizA8N4MAwI+xS2iPxQue0
NU99WxjUNCsP/wQL8FkruVoI/7xjIWSbb7WVGSH+dFZcwQWziM8MMsICMwzpUQzZ
ahMXhepfNzoIfi0uFkszSpKEmS3H8/UI1cI/FAdOAIxPiJaOYhSb1A==
=b6AK
-----END PGP SIGNATURE-----

More information about the krbdev mailing list