======= January 7.7 patch release information ======= xlogin, kinit, kdestroy, reactivate for Kerberos 5 xlogin, kinit, kdestroy, and reactivate have been changed for support of Kerberos 5. xlogin and kinit will now provide both a Kerberos 4 "ticket file" and a Kerberos 5 "credentials cache" for your keyboard mileage. kdestroy and reactivate will now deal with destroying the credentials cache, as well as the ticket file, as appropriate. The current goal of the Kerberos 5 support is to provide a bit of convenience for developers to get started with K5; our intent is not to provide a K5 implementation fully integrated with Athena at this time, and it is not to provide an environment where all the users can rely on running K5 clients. [This is likely an issue for the summer release, however.] login.krb security login.krb has been patched so that -K actually disallows the user to try typing a password, as advertised. ftpd security A security hole in the Athena ftpd was removed. login security A security hole in login was fixed. xlogin The "you are in too many groups" message is no longer printed by xlogin. Zephyr security A newer version of zephyr has been included, including fixes in the authentication system. global cshrc file and default printer The environment variable PRINTER is now set to the machine's "lpr" default printer cluster information, for the benefit of software (such as enscript) that does not understand Hesiod. Thus, in a public cluster, "enscript foo" will queue to an appropriate default printer. telnet security The security-fixed telnet binaries, currently in /srvd/patch, are included on the packs. sendbug Some useful explanatory text has been added to the sendbug script. global cshrc file, dash, setup, machtype, add The add alias has been rewritten to include many new features as well as support a new locker binary directory convention. See add(1) and lockers(7) for information. config_afs config_afs is now a hardier, faster piece of software. It is also now executable on Suns. (Intended to run during reactivate as well as boot time, config_afs was not being run on Suns during reactivate.) rc.net (Ultrix) rc.net has been updated to reflect a network change at WHOI. login, xlogin, ftpd (Ultrix) Support for keeping encrypted passwords from appearing in /etc/passwd has been added in the form of a flag provided by the existence of the file "/etc/nocrack". If the file exists, *'s will be placed in /etc/passwd rather than encrypted passwords. This was mainly provided for dialup support, for now. vmunix* (Ultrix) A patch has been applied to the rx layer to prevent some panics. localtime (Ultrix) A localtime symlink has been added on the DECstations pointing to US/Eastern, as this is the correct way to tell Ultrix when it is. That timezone is also hard-coded into the kernel, which is a last-ditch fallback. man(1) (Ultrix) The correct manual page for the man program provided under Ultrix is now in place. swap space (AIX) The swap space on most RS/6000's has been increased from 48meg (sometimes 64meg) to 80meg. manual pages (AIX) Many section 1 manual pages on the RS/6000 have been preformatted, increasing man's performance greatly. login (AIX) "attach: command not found" error fixed. xterm (AIX) utmp (the file read by programs such as finger and who) handling has been fixed. AFS 3.3a (Solaris, AIX) AFS has been updated for the Sun and RS/6000. This includes marginal performance enhancements, bug fixes, and better support for ACLs containing IP addresses. /etc/init.d/athena (Solaris) track is now run on Solaris public workstations at boot time. logindevperm (Solaris) /etc/logindevperm has been changed to ensure that on ^P console logins, /dev/audio's protections are maintained correctly. login, login.krb, xlogin, ftpd (Solaris) AFS PAGs (process authentication groups) are now supported under Solaris. Each login session will now have separate AFS tokens. Previously, separate AFS tokens were provided only on a per user id basis. quota (Solaris) quota now works correctly under Solaris, and does not report quotas on volumes for which the user has no write access. This fix was actually a side-effect of using PAGs. Kerberos library (Solaris) fix audio driver (Solaris, Sparc 5) An audio driver is now provided for the Sparc 5. /usr/bin/true (Solaris) Now uses a statically linked shell. clean_tmp_areas (Solaris) clean_tmp_areas will now not remove attachtab. rlogin (Solaris) rlogin should now not die when ^C is pressed. patches (Solaris) See /mit/solarisdev/2.3.patches/IAP/*.readme for details. ======= January 7.7 patch release information update 1/6 ======= root .profile (Ultrix) Make the search path more convenient in the root .profile. krb.conf, realm updates Add panix.com and netgen.com to Kerberos configuration files. account deactivation hook "mom" is now on the packs. man mom for info. xsession $initdir/xsession was updated to support running mom after get_message. init.d/athena (Solaris) Overhauled, cleaned up. Supports cleaning up /etc/passwd, /etc/group, and now correctly runs gettime. It's also prepared to start an AFS server, once that's ready. Kerberos A couple of early reported problems with the Kerberos V5 support were fixed. The problem remains, until the servers are updated, of an error for the day you change your password. athdir A program called athdir has been added to the release, which is connected to supporting the new bindir conventions. It was specifically introduced to replace the use of `machtype`bin, which is not flexible enough in the new environment. See its manpage for more details. It has undergone far less review than add, and I'd appreciate any feedback. Feedback on add would be great too. [Note to users: updating use of `machtype`bin accordingly will be helpful for upcoming platforms - you won't lose on them if you fix your stuff now. Also, the new add, among other things, accepts multiple lockers in a single command which should run a lot faster if you utilize it in your dotfiles (.environment).] ======= January 7.7 patch release information update 1/23 ======= account deactivation hook (all) "mom" is now properly supported by the release in the global login and xsession files. /bin/login login now uses setpag. (Solaris) The number of groups on login has been properly limited. (Solaris, Ultrix) Kerberos 5 patches for all versions of login have been applied. AFS (Solaris, AIX) The byte-range locking message now is only printed when it should be. Also, the name of the program doing byte-range locking, if available, is printed with the error message. Meta key fix (AIX) The left Alt key has been fixed so that it functions correctly as a meta key in xterm. RS/6000 update script (AIX) A few missing packages were supplied. rsh -x fix (all) rsh, when invoked with -x, now errors out rather than continuing to execute, so that it doesn't mislead you into believing you are getting encryption. RS/6000 libXt.a, libXtst.a link fix (AIX) These two files were not symbolic links to /mit/x11/... as they should have been. This was fixed. zwrite -n, -q fix zwrite -n and -q had incorrect behaviors with respect to exit status and error printing. They have been fixed. ======= January 7.7 patch release information update 1/27 ======= one more to krb.conf (all) Made one more addition to krb.conf. Kerberos 5 support (kinit, all logins, all platforms) Since the master won't be going to K5 before the release goes to the field, the error message due to having changed your password in the last day that comes from K5 not keeping up has been suppressed. Warning to developers trying to use K5: keep this in mind, or it could trip you up. 7.7I update script (AIX) The 7.7I update script was revised. rc.athena (AIX) Noop changes for 3.2.5. lert (all) Not a new program, but "mom" renamed. It was decided that calling the program mom might be found intrinsically offensive. Also includes a couple of bug fixes. telnet (all) As discussed in the release-77 meeting, the default behavior of telnet is now -ax. The -safe behavior is now -axN, where the N option has been added to mean exit rather than falling back to no encryption/ authentication. When fallback is allowed, warnings that this is occuring should always be given. -u may now be provided for unauthenticated behavior. telnetd (all) A bug in providing the user with a temporary home directory was fixed. telnet.1, telnetd.8 (all) These were not properly installed on the Sun and the RS/6000. They now are. rsh -x (all) The original rsh -x fix didn't account for the fact that rsh host -x with no other args simply calls rlogin, and then encryption is provided. This was fixed. /srvd/patch (all) /srvd/patch was changed, for the duration of the January patch release only, to point in a different location from the standard one. This is to enable testing of the latest version of telnet, since there is currently a version of telnet sitting in the standard /srvd/patch, earlier in the user's search path, which cannot currently be removed. ======= January 7.7 patch release information update 2/1 ======= afs 3.3a (Solaris) afs 3.3a was backed out due to a major performance problem under Solaris, but remains running under AIX because that platform was not affected. Xcluster xcluster's resource file was updated to fix its window geometry to accomodate a new cluster; the right fix is to fix the code, but this was not practical. ======== Punted for this release... ======== add lert to services emacs19 edsc update