Known Bugs in Kerberos 5 Release 1.2.7

• [1228] If tcl is built shared, and krb5 is built static, some utility programs used by the test suite may fail to run due to RPATH issues. (long-standing but recently acknowledged)
• [1259] KDC sends etype-info for enctypes that weren't requested by the client.
• Most of the other known bugs noted in earlier 1.2.x releases (other than those listed as fixed above) are still present.

Known Bugs in Kerberos 5 Release 1.2.4

• Non-sequential key version numbering will confuse the new kvno handling heuristics.
• Long-standing but newly recognized:
  • The remote kadmin protocol will produce incorrect results when key version numbers greater than 255 are being retrieved or stored. The kadmin.local program does not suffer from this problem.
  • We do not support storing multiple key versions for a principal in a srvtab file.
  • We do not support acquiring krb4 tickets using a srvtab or keytab file without acquiring krb5 tickets at the same time (i.e., the old krb4 "ksrvtgt" program).
• most of the other known bugs from 1.2.3

Known Bugs in Kerberos 5 Release 1.2.3

• There may be problems with running a KDC on 64-bit platforms (environments where size_t and long are wider than 32 bits, such as alpha/Tru64, or Solaris/SPARC in SPARCv9 mode, for example), as indicated by the util/db2 tests not passing. These problems may also extend to the rpc library, which may prevent the kadmin protocol from functioning. These are being investigated.
• ETYPE_INFO preauthentication data returned from the KDC are not sorted in the order requested by the client. This may result in preauthentication failure when encrypted timestamp preauthentication is required but the client doesn't understand some of the enctypes of the keys stored for it in the database.
• The gssftp daemon and client, when running in krb4 mode, are inconsistent with respect to port numbers passed to the {mk,rd}_{priv,safe} functions. As a result, there is a small but nonzero probability that krb4 ftp with client and server on the same IP address will fail with a "Time is out of bounds" error. This includes the tests/dejagnu test suite, which tests the krb4 ftp functionality. The probability of this occuring seems to be less than 50%.
• The gss-sample test application suite is known to not communicate with the gss-sample suite in 1.1.x and earlier releases. This is the result of changes to increase functionality; fixes to allow for backwards compatibility will occur in a later release.
• BSD/OS 4.x may have some problems compiling. These are being investigated.
• The gss-sample test application suite is known to not communicate with the gss-sample suite in 1.1.x and earlier releases. This is the result of changes to increase functionality; fixes to allow for backwards compatibility will occur in a later release.