The MIT Kerberos Team announces the availability of the krb5-1.6 release. The detached PGP signature is available without going through the download page, if you wish to verify the authenticity of a distribution you have obtained elsewhere.
Major changes in 1.6 include
Note that the implementation of referral handling involves a change to the behavior of krb5_sname_to_principal() to return a zero-length realm name if it is unable to find the realm corresponding to the hostname. This special realm name signals the ticket-acquisition code to request KDC canonicalization of service principal names. Other library code has changed to accommodate this new behavior. This particular method of implementing service principal name referral handling may change in the future; we invite discussion on this subject.
Please see the README file for a more complete list of changes.
You may also see the current full list of fixed bugs tracked in our RT bugtracking system.
Known bugs reported against krb5-1.6 are listed here.
Please note that the HTML versions of these documents are converted from texinfo, and that the conversion is imperfect. If you want PostScript or GNU info versions, please download the documentation tarball.
You may retrieve the Kerberos 5 Release 1.6 source from here. If you need to acquire the sources from some other distribution site, you may verify them against the detached PGP signature for krb5-1.6.