| Id | Subject
|
| 3973 |
kdb5_util load now fails if db doesn't exist [workaround] |
| 5468 |
delete kadmin v1 support |
| 5869 |
add_principals -randkey and default_principal_flags = +preauth don't get along |
| 6206 |
new API for storing extra per-principal data in ccache |
| 6434 |
krb5_cc_resolve() will crash if a null name param is provided |
| 6454 |
Make krb5_mkt_resolve error handling work |
| 6510 |
Restore limited support for static linking |
| 6539 |
Enctype list configuration enhancements |
| 6546 |
KDB should use enctype of stashed master key |
| 6547 |
Modify kadm5 initializers to accept krb5 contexts |
| 6563 |
Implement s4u extensions |
| 6564 |
s4u extensions integration broke test suite... |
| 6565 |
HP-UX IA64 wrong endian |
| 6572 |
Implement GSS naming extensions and authdata verification |
| 6576 |
Implement new APIs to allow improved crypto performance |
| 6577 |
Account lockout for repeated login failures |
| 6578 |
Heimdal DB bridge plugin for KDC back end |
| 6580 |
Constrained delegation without PAC support |
| 6582 |
Memory leak in _kadm5_init_any introduced with ipropd |
| 6583 |
Unbundle applications into separate repository |
| 6586 |
libkrb5 support for non-blocking AS requests |
| 6590 |
allow testing even if name->addr->name mapping doesn't work |
| 6591 |
fix slow behavior on Mac OS X with link-local addresses |
| 6592 |
handle negative enctypes better |
| 6593 |
Remove dependency on /bin/csh in test suite |
| 6595 |
FAST (preauth framework) negotiation |
| 6597 |
Add GSS extensions to store credentials, generate random bits |
| 6598 |
gss_init_sec_context potential segfault |
| 6599 |
memory leak in krb5_rd_req_decrypt_tkt_part |
| 6600 |
gss_inquire_context cannot handle no target name from mechanism |
| 6601 |
gsssspi_set_cred_option cannot handle mech specific option |
| 6602 |
gss_accept_sec_context cannot handle non-SPNEGO creds when using SPNEGO |
| 6603 |
issues with SPNEGO |
| 6605 |
PKINIT client should validate SAN for TGS, not service principal |
| 6606 |
allow testing when offline |
| 6607 |
anonymous PKINIT |
| 6616 |
Fix spelling and hyphen errors in man pages |
| 6618 |
Support optional creation of PID files for krb5kdc and kadmind |
| 6620 |
kdc_supported_enctypes does nothing; eradicate mentions thereof |
| 6621 |
disable weak crypto by default |
| 6622 |
kinit_fast fails if weak enctype is among client principal keys |
| 6623 |
Always treat anonymous as preauth required |
| 6624 |
automated tests for anonymous pkinit |
| 6625 |
yarrow code does not initialize keyblock enctype and uses unitialized value |
| 6626 |
Restore interoperability with 1.6 addprinc -randkey |
| 6627 |
Set enctype in crypto_tests to prevent memory leaks |
| 6628 |
krb5int_dk_string_to_key fails to set enctype |
| 6629 |
krb5int_derive_key results in cache with uninitialized values |
| 6630 |
krb5int_pbkdf2_hmac_sha1 fails to set enctype on keyblock |
| 6632 |
Simplify and fix FAST check for keyed checksum type |
| 6634 |
Use keyed checksum type for DES FAST |
| 6640 |
Make history key exempt from permitted_enctypes |
| 6642 |
Add test program for decryption of overly short buffers |
| 6643 |
Problem with krb5 libcom_err vs. system libcom_err |
| 6644 |
Change basename of libkadm5 libraries to avoid Heimdal conflict |
| 6645 |
Add krb5_allow_weak_crypto API |
| 6648 |
define MIN() in lib/gssapi/krb5/prf.c |
| 6649 |
Get rid of kdb_ext.h and allow out-of-tree KDB plugins |
| 6651 |
Handle migration from pre-1.7 databases with master key kvno != 1 (1.8 pullup) |
| 6652 |
Make decryption of master key list more robust |
| 6653 |
set_default_enctype_var should filter not reject weak enctypes |
| 6654 |
Fix greet_server build |
| 6655 |
Fix cross-realm handling of AD-SIGNEDPATH |
| 6656 |
krb5int_fast_free_state segfaults if state is null |
| 6657 |
enc_padata can include empty sequence |
| 6658 |
Implement gss_set_neg_mechs |
| 6659 |
Additional memory leaks in kdc |
| 6660 |
Minimal support for updating history key |
| 6662 |
MITKRB5-SA-2010-001 CVE-2010-0283 KDC denial of service |
| 6663 |
update mkrel to deal with changed source layout |
| 6665 |
Fix cipher state chaining in OpenSSL back end |
| 6667 |
Problem with krb5 libcom_err vs. system libcom_err |
| 6669 |
doc updates for allow_weak_crypto |
| 6691 |
krb524 source code is missing from krb5-1.8 tarball |
