Skip Menu |
5891 kdb_ldap should treat entries with "nsAccountLock: true" as locked
7135 gssapi mechanism glue dlcloses objects potentially after they are already unloaded
7765 Some ccache functions not exported
7871 KDC should not fail requests due to forwardable/proxiable option
8349 use __APPLE_USE_RFC_3542 to get IPV6_PKTINFO on Mac OS X
8761 ksu doesn't allow acquisition of non-forwardable tickets
8764 get_creds can add redundant cache entry for referral ticket
8765 Add dns_canonicalize_hostname=fallback support
8773 Mark deprecated enctypes when used
8775 Process SPNEGO error tokens through mech
8777 S4U2Self with X.509 certificate bugs
8778 Add new kvno protocol transition options
8780 Expand S4U2Self exception in KDC lineage check
8781 Add KDC support for X.509 S4U2Self requests
8784 Use better name type for PKINIT KDC certs
8785 Use memory replay cache for DO_TIME auth contexts
8786 Hash-based replay cache implementation
8788 Rename to
8791 Add option to build without libkeyutils
8792 Implement krb5_cc_remove_cred for remaining types
8793 Remove srvtab support
8794 Remove kadmin RPC support for setting v4 key
8795 configure: chech for libncursesw, if libncurses is not found
8798 Remove ovsec_adm_export dump format support
8799 Check more errors in OpenSSL crypto backend
8800 Add secure_getenv() support
8804 Remove checksum type profile variables
8805 Modernize example enctypes in documentation
8806 kdb5_util errors on command arguments matching command names
8807 Set a more modern default ksu CMD_PATH
8808 Remove single-DES support
8811 In klist, display ticket server if different
8812 Remove support for no-flags SAM-2 preauth
8815 Verify PAC client name independently of name-type
8816 kproplog cannot display LOCKDOWN_KEYS attribute
8817 Remove PKINIT draft 9 support
8819 gss_set_allowable_enctypes() fails if any enctypes aren't recognized
8823 Allow the KDB to see and modify auth indicators
8827 Change definition of KRB5_KDB_FLAG_CROSS_REALM
8828 Add API to get client account name from PAC
8829 Fix authdata signatures for non-TGT AS-REQs
8833 Add environment variable for GSS mech config
8842 Record start time of AS requests earlier in KDC
8843 Allow client canonicalization in non-krbtgt AS-REP
8844 SPNEGO should filter mechs on acceptor with gss_acquire_cred()
8845 SPNEGO init/accept output parameter bugs
8847 Add enforce_ok_as_delegate setting
8849 Install gssapi/gssapi_alloc.h properly
8851 NegoEx
8855 Qualify short hostnames when not using DNS
8856 segfault in krb5-1.17.1/src/lib/krb5/krb/authdata.c
8857 Don't warn in kadmin when no policy is specified
8858 Do not always canonicalize enterprise principals
8860 Allow kprop over NATs
8861 Fix LDAP policy enforcement of pw_expiration
8864 Fix error handling in gssint_mechglue_init()
8865 Check cross-realm TGT name for RBCD requests
8866 Fix S4U client authdata handling
8867 Fix KDC crash in handle_signticket
8868 Allow cross-realm RBCD with PAC and other authdata
8869 Apply permitted_enctypes to KDC request enctypes
8870 Honor transited-policy-checked flag in servers
8872 Put KDB authdata first
8873 Don't assume OpenSSL failures are memory errors
8874 Always use S4U2Proxy second ticket parsed authdata