| Id | Subject
|
| 6118 |
rename principals |
| 6323 |
kadmin: rename support |
| 6430 |
Avoid looping when preauth can't be generated |
| 6617 |
uninitialized values used in mkey-migration code |
| 6732 |
checks for openpty() aren't made using -lutil |
| 6770 |
kg_unseal leads to overlap of source and desitination in memcpy... |
| 6813 |
memory leak in gss_accept_sec_context |
| 6814 |
Improve kdb5_util load locking and recovery |
| 6816 |
potential memory leak in spnego |
| 6817 |
potential null dereference in gss mechglue |
| 6835 |
accept_sec_context RFC4121 support bug in 1.8.3 |
| 6851 |
pkinit can't parse some valid cms messages |
| 6854 |
kadmin's ktremove can remove wrong entries when removing kvno 0 |
| 6855 |
Improve acceptor name flexibility |
| 6857 |
missing ifdefs around IPv6 code |
| 6858 |
Assume ELF on FreeBSD if objformat doesn't exist |
| 6863 |
memory leak on SPNEGO error path |
| 6868 |
Defer hostname lookups in krb5_sendto_kdc |
| 6872 |
Fix memory leak in t_expire_warn |
| 6874 |
Fortuna as default PRNG |
| 6878 |
Add test script for user2user programs |
| 6887 |
Use first principal in keytab when verifying creds |
| 6890 |
Implement draft-josefsson-gss-capsulate |
| 6891 |
Add gss_userok and gss_pname_to_uid |
| 6892 |
Prevent bleed-through of mechglue symbols into loaded mechs |
| 6893 |
error codes from error responses can be discarded when there's e-data |
| 6894 |
More sensical mech selection for gss_acquire_cred/accept_sec_context |
| 6895 |
gss_duplicate_name SPI for SPNEGO |
| 6896 |
Allow anonymous name to be imported with empty name buffer |
| 6897 |
Default principal name in the acceptor cred corresponds to first entry in associated keytab. |
| 6898 |
Set correct minor_status value in call to gss_display_status. |
| 6902 |
S4U impersonated credential KRB5_CC_NOT_FOUND |
| 6904 |
Install k5login(5) as well as .k5login(5) |
| 6905 |
support poll() in sendto_kdc.c |
| 6909 |
Kernel subset |
| 6910 |
Account lockout policy parameters not documented |
| 6911 |
Account lockout policy options time format |
| 6914 |
krb5-1.9.1 static compile error +preliminary patch (fwd) |
| 6915 |
klist -s trips over referral entries |
| 6918 |
Localize user interface strings using gettext |
| 6921 |
Convert preauth_plugin.h to new plugin framework |
| 6922 |
Work around glibc getaddrinfo PTR lookups |
| 6923 |
Use AI_ADDRCONFIG for more efficient getaddrinfo |
| 6924 |
Fix multiple libkdb_ldap memory leaks |
| 6927 |
chpass_util.c improvements |
| 6928 |
use timegm() for krb5int_gmt_mktime() when available |
| 6929 |
Pluggable configuration |
| 6931 |
Add libedit/readline support to ss. |
| 6933 |
blocking recv caused our server to hang |
| 6934 |
don't require a default realm |
| 6936 |
multiple mechanisms and spnego_gss_init_sec_context |
| 6944 |
gss_acquire_cred erroneous failure and potential segfault for caller |
| 6945 |
spnego_gss_acquire_cred_impersonate_name incorrect usage of impersonator_cred_handle |
| 6951 |
assertion failure when connections fail in service_fds() |
| 6953 |
Add the DIR ccache type |
| 6954 |
Add new cache collection APIs |
| 6955 |
Remove unneeded cccol behaviors |
| 6956 |
Add ccache collection support to tools |
| 6957 |
Add krb5_cc_select() API and pluggable interface |
| 6958 |
Make gss-krb5 use cache collection |
| 6961 |
Support pkinit: SignedData with no signers (KDC) |
| 6962 |
pkinit: client: Use SignedData for anonymous |
| 6964 |
Support special salt type in default krb5_dbe_cpw. |
| 6965 |
Remove CFLAGS and external deps from krb5-config --libs |
| 6966 |
Eliminate domain-based client realm walk |
| 6968 |
[PATCH] Man page fixes |
| 6969 |
Create e_data as pa_data in KDC interfaces. |
| 6971 |
Use type-safe callbacks in preauth interface |
| 6974 |
Make krb5_pac_sign public |
| 6975 |
Add PKINIT NSS support |
| 6976 |
Hide gak_fct interface and arguments in clpreauth |
| 6977 |
Install krb5/preauth_plugin.h |
| 6978 |
Allow rd_priv/rd_safe without remote address |
| 6979 |
Allow password changes over NATs |
| 6980 |
Ensure termination in Windows vsnprintf wrapper |
| 6981 |
SA-2011-006 KDC denial of service [CVE-2011-1527 CVE-2011-1528 CVE-2011-1529] |
| 6987 |
Fix krb5_cc_set_config |
| 6988 |
Fix handling of null edata method in KDC preauth |
| 6989 |
fix tar invocation in mkrel |
| 6992 |
Make krb5_find_authdata public |
| 6994 |
Fix intermediate key length in hmac-md5 checksum |
| 6995 |
Initialize typed_e_data in as_req_state |
| 6996 |
Make krb5_check_clockskew public |
| 6997 |
don't build po/ if msgfmt is missing |
| 6999 |
compile warnings, mininum version check for pkinit (NSS code paths) |
| 7000 |
Exit on error in kadmind kprop child |
| 7002 |
verto sshould have a pointer to upstream sources and be in NOTICE |
| 7003 |
Fix month/year units in getdate |
| 7006 |
Fix format string for TRACE_INIT_CREDS_SERVICE |
| 7014 |
Fix com_err.h dependencies in gss-kernel-lib |
| 7015 |
Add plugin interface_names entry for ccselect |
| 7017 |
Simplify and fix kdcpreauth request_body callback |
| 7018 |
Update verto to 0.2.2 release |
| 7019 |
Make verto context available to kdcpreauth modules |
| 7020 |
reading minor error message doesn't work for the IAKERB mech |
| 7021 |
Fix failure interval of 0 in LDAP lockout code |
| 7023 |
Clean up client-side preauth error data handling |
| 7027 |
FAST PKINIT |
| 7029 |
Fix --with-system-verto without pkg-config |
| 7030 |
Ldap dependency for parallel builds |
| 7033 |
krb5 1.10 KRB5_PADATA_ENC_TIMESTAMP isn't working |
| 7034 |
mk_cred: memory management |
| 7035 |
krb5_lcc_store() now ignores config credentials |
| 7036 |
Fix free ofuninitialized memory in sname_to_princ |
| 7037 |
Use LsaDeregisterLogonProcess(), not CloseHandle() |
| 7038 |
Added support for loading of Krb5.ini from Windows APPDATA |
| 7039 |
Handle TGS referrals to the same realm |
| 7042 |
SA-2011-007 KDC null pointer deref in TGS handling [CVE-2011-1530] |
| 7049 |
Fix subkey memory leak in krb5_get_credentials |
| 7050 |
KfW changes for krb5-1.10 |
| 7051 |
krb5_server_decrypt_ticket_keytab wrongly succeeds |
| 7053 |
Verify acceptor's mech in SPNEGO initiator |
| 7055 |
Rename Table of Contents.hhc |
| 7057 |
Krb5 1.9.x does not build on Solaris 8 - Implicit function declaration error |
| 7060 |
Convert securid module edata method |
| 7065 |
delete duplicate NOTICE file |
| 7067 |
documentation license to CC-BY-SA 3.0 Unported |
| 7077 |
LIBS should not include PKINIT_CRYPTO_IMPL_LIBS |
| 7078 |
Use INSTALL_DATA to install message catalogues |
