Kerberos 5 Release 1.4

• Announcement
• README file
• Known Bugs
• Documentation
• Retrieving

Kerberos 5 Release 1.4 is now available

The MIT Kerberos Team announces the availability of the krb5-1.4 release. The detached PGP signature is available without going through the download page, if you wish to verify the authenticity of a distribution you have obtained elsewhere. The following is a list of notes and major changes; please see the README file for a more complete listing of changes.

• Fix heap buffer overflow in password history mechanism. [MITKRB5-SA-2004-004]
• Add implementation of the RPCSEC_GSS authentication flavor to the RPC library. Thanks to Kevin Coffman and the CITI group at the University of Michigan.
• Thread safety for krb5 libraries.
• Merged Athena telnetd changes for creating a new option for requiring encryption.
• The kadmind4 backwards-compatibility admin server and the v5passwdd backwards-compatibility password-changing server have been removed.
• Yarrow code now uses AES.
• New client commands kcpytkt and kdeltkt for Windows.
• New command mit2ms on Windows.
• Merged Athena changes to allow ftpd to require encrypted passwords.
• Incorporate gss_krb5_set_allowable_enctypes() and gss_krb5_export_lucid_sec_context(), which are needed for NFSv4, from Kevin Coffman.

You may also see the current full list of fixed bugs tracked in our RT bugtracking system.

Known Bugs

Known bugs reported against krb5-1.4 are listed here.

Documentation for krb5-1.4

Please note that the HTML versions of these documents are converted from texinfo, and that the conversion is imperfect. If you want PostScript or GNU info versions, please download the documentation tarball.

• install guide
• user guide
• admin guide
• krb425 guide
• documentation tarball

Retrieving Kerberos 5 Release 1.4

You may retrieve the Kerberos 5 Release 1.4 source from here. If you need to acquire the sources from some other distribution site, you may verify them against the detached PGP signature for krb5-1.4.