Kerberos 5 Release 1.3

• Announcement
• README file
• Known Bugs
• Documentation
• Retrieving

Kerberos 5 Release 1.3 is now available

The MIT Kerberos Team announces the availability of the krb5-1.3 release. The detached PGP signature is available without going through the download page, if you wish to verify the authenticity of a distribution you have obtained elsewhere. The following is a list of notes and major changes; for a more complete list, please see the README file for a more complete listing of changes.

• We now install the compile_et program, so other packages can use the installed com_err library with their own error tables. (If you use our com_err code, that is; see below.)
• The header files we install now assume ANSI/ISO C ('89, not '99). We have stopped testing on SunOS 4, even with gcc. Some of our code now has C89-based assumptions, like free(NULL) being well defined, that will probably frustrate any attempts to run this code under SunOS 4 or other pre-C89 systems.
• Some new code, bug fixes, and cleanup for IPv6 support.
• We have upgraded to autoconf 2.52 (or later), and the syntax for specifying certain configuration options have changed. For example, autoconf 2.52 configure scripts let you specify command-line options like "configure CC=/some/path/foo-cc", so we have removed some of our old options like --with-cc in favor of this approach.
• The client libraries can now use TCP to connect to the KDC. This may be necessary when talking to Microsoft KDCs (domain controllers), if they issue you tickets with lots of PAC data.
• If you have versions of the com_err or ss packages installed locally, you can use the --with-system-et and --with-system-ss configure options to use them rather than using the versions supplied here. Note that the interfaces are assumed to be similar to those we supply; in particular, some older, divergent versions of the com_err library may not work with the krb5 sources. Many configure-time variables can be used to help the compiler and linker find the installed packages; see the build documentation for details.
• The AES cryptosystem has been implemented. However, support in the Kerberos GSSAPI mechanism has not been written (or even fully specified), so it's not fully enabled. See the documentation for details.

You may also see the current full list of fixed bugs tracked in our RT bugtracking system.

Known Bugs

Known bugs reported against krb5-1.3 are listed here.

Documentation for krb5-1.3

Please note that the HTML versions of these documents are converted from texinfo, and that the conversion is imperfect. If you want PostScript or GNU info versions, please download the documentation tarball.

• install guide
• user guide
• admin guide
• krb425 guide
• documentation tarball

Retrieving Kerberos 5 Release 1.3

You may retrieve the Kerberos 5 Release 1.3 source from here. If you need to acquire the sources from some other distribution site, perhaps due to problems with our export control web pages, you may verify them against the detached PGP signature for krb5-1.3.