Kerberos for Windows Release 4.0.1
The MIT Kerberos Team is happy to announce the availability of the
kfw-4.0.1 release. The KfW 4.0 series of releases is based on the MIT
krb5 1.10 series of releases, greatly modernizing the support relative
to the KfW 3.2 series, which was based on the MIT krb5 1.6 series.
KfW 4.0 is distributed only as a Windows Installer MSI file, with both
64-bit and 32-bit installers available. The MSI installer has been
digitally signed by MIT.
KfW is supported on Windows XP (SP3 required), Windows Vista (SP2 required),
Windows 7, Windows 8, Windows Server 2003, and Windows Server 2008.
The Data Encryption Standard (DES) is widely recognized as
weak. Just as the Unix krb5 releases have had measures to encourage
sites to migrate away from single-DES cryptosystems since the krb5 1.7
release, KfW 4.0 has a configuration variable that enables "weak"
enctypes, defaulting to "false".
Major changes in 4.0.1
- End-User experience:
- The ribbon toolbar is now configured with Access Keys.
Tapping 'alt' brings up a set of context menus which may
be navigated to activate the ribbon controls.
Major changes in 4.0.0
- Developer experience:
- Only the WiX-based MSI installer is supported.
NSIS installers are not functional.
- The build system and build environment has been updated.
The procedure for setting up a build environment is documented.
- The kerbsrc.win target is no longer supported. With the exception
of perl, Microsoft provides a sufficient toolkit of Unix-like
utilities to build the source tree natively.
- End-user experience:
- The 64-bit installer includes 32-bit libraries for use by
- A new MIT Kerberos Ticket Manager application to replace the
Network Identity Manager (NIM). The Ticket Manager uses the
Microsoft ribbon interface system.
- KfW has a new logo, a stylized 'K'.
- The krb5.ini configuration file is no longer installed in C:\Windows.
Instead, it is installed in CSIDL_COMMON_APPDATA, which is
C:\ProgramData\MIT\Kerberos5 on systems newer than Windows XP, where
this location translates to
C:\Documents and Settings\All Users\Application Data. When upgrading
from previous KfW releases, existing krb5.ini files will be renamed
- The default krb5.ini file is an empty file; DNS SRV records are used
by default to locate KDCs for a given realm.
- The installer is digitally signed by MIT.
- The default credentials cache uses CCAPI version 3.
- Autocompletion and history for principal/realm names.
- Configurable ability to destroy tickets on exit.
- Integration with the Windows LSA credentials cache.
- AFS support is not available in this release.
The Close button from the system menu has no effect. Use the 'x' in
the upper right corner to minimze, or the Exit option from the
Application menu to close.
There is no confirmation dialog after a successful password change.
The builtin HTML Help from KfW 4.0 is also available online.
Installers for Kerberos for Windows Release 4.0.0 are available
$Id: kfw-4.0.html,v 1.3 2013/03/08 17:08:37 kaduk Exp $
[ home ]
[ contact ]