krb5-1.22.1 is released
Greg Hudson ghudson at mit.edu
Wed Aug 20 18:01:31 EDT 2025
The MIT Kerberos Team announces the availability of MIT Kerberos 5
Release 1.22.1.  Please see below for a list of some major changes
included, or consult the README file in the source tree for a more
detailed list of significant changes.
RETRIEVING KERBEROS 5 RELEASE 1.22.1
====================================
You may retrieve the Kerberos 5 Release 1.22.1 source from the
following URL:
         https://kerberos.org/dist/
The homepage for the krb5-1.22.1 release is:
         https://web.mit.edu/kerberos/krb5-1.22/
Further information about Kerberos 5 may be found at the following
URL:
         https://web.mit.edu/kerberos/
and at the MIT Kerberos Consortium web site:
         https://www.kerberos.org/
PAC transitions
===============
Beginning with release 1.20, the KDC will include minimal PACs in
tickets instead of AD-SIGNEDPATH authdata.  S4U requests (protocol
transition and constrained delegation) must now contain valid PACs in
the incoming tickets.  Beginning with release 1.21, service ticket
PACs will contain a new KDC checksum buffer, to mitigate a hash
collision attack against the old KDC checksum.  If only some KDCs in a
realm have been upgraded across versions 1.20 or 1.21, the upgraded
KDCs will reject S4U requests containing tickets from non-upgraded
KDCs and vice versa.
Triple-DES and RC4 transitions
==============================
Beginning with the krb5-1.21 release, the KDC will not issue tickets
with triple-DES or RC4 session keys unless explicitly configured using
the new allow_des3 and allow_rc4 variables in [libdefaults].  To
facilitate the negotiation of session keys, the KDC will assume that
all services can handle aes256-sha1 session keys unless the service
principal has a session_enctypes string attribute.
Beginning with the krb5-1.19 release, a warning will be issued if
initial credentials are acquired using the des3-cbc-sha1 encryption
type.  Beginning with the krb5-1.21 release, a warning will also be
issued for the arcfour-hmac encryption type.  In future releases,
these encryption types will be disabled by default and eventually
removed.
Beginning with the krb5-1.18 release, all support for single-DES
encryption types has been removed.
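The triple-DES and RC4 transition above turns on two knobs an administrator can audit: the allow_des3 and allow_rc4 booleans in [libdefaults], and any legacy enctype names left in the enctype list variables. The following is an added example, not code from MIT krb5 or this announcement. It parses enough of the krb5.conf profile format (sections, key = value lines, nested brace groups) to read [libdefaults] and reports settings that opt back into these enctypes. The sample configuration is constructed; the table of enctype aliases (des3-hmac-sha1, rc4-hmac, arcfour-hmac-md5 and the -exp variants) reflects the names krb5 accepts as I know them, and the boolean spellings follow the profile library's true values.

```python
"""Audit a krb5.conf for settings that re-enable triple-DES or RC4.

Added example, not MIT krb5 code.  The parser is deliberately minimal:
comments ('#', ';'), quoted values and 'include' directives are skipped
rather than processed, so treat it as a checker, not a profile library.
"""
import re
from collections import defaultdict

# Constructed sample: opts back into RC4 and lists legacy enctypes.
SAMPLE_KRB5_CONF = """\
[libdefaults]
    default_realm = EXAMPLE.COM
    allow_rc4 = true
    allow_des3 = false
    permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac
    default_tkt_enctypes = aes256-cts-hmac-sha1-96 des3-cbc-sha1

[realms]
    EXAMPLE.COM = {
        kdc = kdc1.example.com
        admin_server = kdc1.example.com
    }
"""

# Enctype names and aliases (as I know them) for the deprecated families.
LEGACY_ENCTYPES = {
    "des3-cbc-sha1": "triple-DES",
    "des3-hmac-sha1": "triple-DES",
    "des3-cbc-sha1-kd": "triple-DES",
    "arcfour-hmac": "RC4",
    "rc4-hmac": "RC4",
    "arcfour-hmac-md5": "RC4",
    "arcfour-hmac-exp": "RC4 (export)",
    "rc4-hmac-exp": "RC4 (export)",
    "arcfour-hmac-md5-exp": "RC4 (export)",
}
ENCTYPE_LIST_KEYS = ("permitted_enctypes", "default_tkt_enctypes",
                     "default_tgs_enctypes")
TRUE_VALUES = {"y", "yes", "true", "t", "1", "on"}  # profile booleans


def parse_krb5_conf(text):
    """Return {section: {key: [values]}}.  Keys inside brace groups are
    flattened with a dotted prefix, e.g. realms -> 'EXAMPLE.COM.kdc'."""
    conf = defaultdict(lambda: defaultdict(list))
    section, prefix = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[([^\]]+)\]", line)
        if m:                       # new [section]
            section, prefix = m.group(1), []
            continue
        if line == "}":             # close of a brace group
            if prefix:
                prefix.pop()
            continue
        if section is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if value == "{":            # open of a brace group
            prefix.append(key)
            continue
        conf[section][".".join(prefix + [key])].append(value)
    return conf


def audit_legacy_enctypes(text):
    """Return a list of human-readable findings; empty means nothing
    in [libdefaults] re-enables triple-DES or RC4."""
    libdefaults = parse_krb5_conf(text).get("libdefaults", {})
    findings = []
    # allow_rc4 / allow_des3: last assignment wins, as in the profile library.
    for flag, family in (("allow_rc4", "RC4"), ("allow_des3", "triple-DES")):
        values = libdefaults.get(flag, [])
        if values and values[-1].lower() in TRUE_VALUES:
            findings.append(f"{flag} = {values[-1]}: KDC may issue "
                            f"{family} session keys")
    # Enctype lists are space- or comma-separated.
    for key in ENCTYPE_LIST_KEYS:
        for value in libdefaults.get(key, []):
            for etype in re.split(r"[\s,]+", value):
                family = LEGACY_ENCTYPES.get(etype.lower())
                if family:
                    findings.append(f"{key} lists {etype} ({family}), "
                                    "slated for removal")
    return findings


if __name__ == "__main__":
    for finding in audit_legacy_enctypes(SAMPLE_KRB5_CONF):
        print("WARN:", finding)
```

Run against a real krb5.conf by reading the file into audit_legacy_enctypes(); a clean result is an empty list. The allow_* check honours the last assignment of a repeated key, which is how the profile library resolves duplicates, and the enctype check matches names case-insensitively because krb5 does the same.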
Major changes in 1.22.1 (2025-08-20)
====================================
This is a bug fix release.
* Fix a vulnerability in GSS MIC verification [CVE-2025-57736].
Major changes in 1.22 (2025-08-05)
==================================
User experience:
* The libdefaults configuration variable "request_timeout" can be set
   to limit the total timeout for KDC requests.  When making a KDC
   request, the client will now wait indefinitely (or until the request
   timeout has elapsed) on a KDC which accepts a TCP connection,
   without contacting any additional KDCs.  Clients will make fewer DNS
   queries in some configurations.
* The realm configuration variable "sitename" can be set to cause the
   client to query site-specific DNS records when making KDC requests.
Administrator experience:
* Principal aliases are supported in the DB2 and LMDB KDB modules and
   in the kadmin protocol.  (The LDAP KDB module has supported aliases
   since release 1.7.)
* UNIX domain sockets are supported for the Kerberos and kpasswd
   protocols.
* systemd socket activation is supported for krb5kdc and kadmind.
Developer experience:
* KDB modules can be implemented in terms of other modules using
   the new krb5_db_load_module() function.
* The profile library supports the modification of empty profiles and
   the copying of modified profiles, making it possible to construct an
   in-memory profile and pass it to krb5_init_context_profile().
* GSS-API applications can pass the GSS_C_CHANNEL_BOUND flag to
   gss_init_sec_context() to request strict enforcement of channel
   bindings by the acceptor.
Protocol evolution:
* The PKINIT preauth module supports elliptic curve client
   certificates, ECDH key exchange, and the Microsoft paChecksum2
   field.
* The IAKERB implementation has been changed to comply with the most
   recent draft standard and to support realm discovery.
* Message-Authenticator is supported in the RADIUS implementation used
   by the OTP kdcpreauth module.
Code quality:
* Removed old-style function declarations, to accommodate compilers
   which have removed support for them.
* Added OSS-Fuzz to the project's continuous integration
   infrastructure.
* Rewrote the GSS per-message token parsing code for improved safety.
_______________________________________________
kerberos-announce mailing list
kerberos-announce at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos-announce