| # | Subject |
| 194 |
a stash file is not a keytab |
| 914 |
keytab add without randomizing key |
| 1109 |
setting default_keytab_name does not work with ktadd in kadmin |
| 1165 |
annoying error message from krb5_mk_priv() |
| 1201 |
replay cache can produce false positive indications |
| 1624 |
use more secure checksum types |
| 2836 |
feature request: compile/link time warnings for deprecated functions |
| 2939 |
unified CCAPI implementation |
| 3496 |
krb524d should log success as well as failure |
| 3497 |
problems with corrupt (truncated) ccaches |
| 3499 |
race in replay cache file ownership |
| 3737 |
plugins support requires a Windows equivalent to opendir and friends |
| 3929 |
support lazy launching of ccapi server |
| 3930 |
CCAPI server must be able to distinguish context handles from other server instances |
| 3931 |
CCAPI context and ccache change times must be stored by the client |
| 3932 |
CCAPI should use a cc_handle not implemented as a pointer |
| 3933 |
CCAPI client library reconnection support |
| 3934 |
Implement CCAPI blocking calls |
| 3935 |
CCAPI implement locking |
| 3936 |
krb5_ccache functions should use the ccapi version 3 interface |
| 4241 |
Command line --version option |
| 5411 |
MEMORY keytab |
| 5425 |
nonce needs to be random |
| 5427 |
buffer overflow in krb5_kt_get_name |
| 5428 |
MEMORY keytab leaks |
| 5429 |
MEMORY keytab should use krb5_copy_keyblock |
| 5430 |
MEMORY keytab's get_entry should set enctypes and kvnos |
| 5431 |
krb5_kt_get_type should return const char *. |
| 5432 |
krb5_kt_default_name should take an unsized length |
| 5440 |
sendto_kdc() not signal safe, doesn't respond well to staggered TCP responses. |
| 5481 |
manual test of commit handler |
| 5517 |
use IP(V6)_PKTINFO in KDC for UDP sockets |
| 5545 |
uninitialized salt length when reading some keys |
| 5560 |
threads on Solaris 10 |
| 5561 |
close-on-exec flags |
| 5565 |
krb5kdc.M is confused about keytype |
| 5567 |
don't check for readability resolving SRVTAB: keytab |
| 5568 |
Move CCAPI sources to krb5 repository |
| 5569 |
Fixed bugs introduced while moving to krb5 repository |
| 5570 |
Only use __attribute__ on GNUC compilers |
| 5574 |
Add advisory locking to CCAPI |
| 5575 |
don't include time.h in CredentialsCache.h if it's not needed |
| 5578 |
test commit handler |
| 5580 |
provide asprintf functionality for internal use |
| 5587 |
PRF for non-AES enctypes |
| 5589 |
krb5 trunk no longer builds on Windows - vsnprintf implementation required |
| 5590 |
gss krb5 mech enhanced error messages |
| 5593 |
kadmind crash on Debian AMD64 |
| 5594 |
Work on compiling CCAPI test suite on Windows |
| 5595 |
Problems with kpasswd and an IPv6 enviroment |
| 5596 |
patch for providing a way to set the ok-as-delegate flag |
| 5598 |
ccs_pipe_t needs copy and release functions |
| 5599 |
Added new autogenerated file to generate-files-mac target |
| 5600 |
provide more useful error message when running kpropd on command line |
| 5635 |
need more dylib_file specs for darwin |
| 5641 |
kadm5_setkey_principal_3 fix |
| 5642 |
Remove unused, unlocalizable error strings |
| 5643 |
Alignment fix |
| 5649 |
t_ser should no longer use kdb libraries |
| 5654 |
remap mechanism-specific status codes in mechglue/spnego |
| 5655 |
authorization-data plugin support in KDC |
| 5657 |
(Mac-specific) PROG_LIBPATH build fix |
| 5667 |
listprincs *z is broken |
| 5670 |
Add documentation for CCAPI |
| 5671 |
cleanup src/lib/gssapi/krb5/error_map.h on Windows |
| 5672 |
no unistd.h on Windows |
| 5699 |
test program build problem |
| 5754 |
cci_array_move should work when the source and dest positions are equal |
| 5760 |
stdint.h should only be accessed if HAVE_STDINT_H defined |
| 5771 |
cc_ccache_set_principal always returns error 227 |
| 5776 |
profile library memory leaks introduced when malloc returns 0 |
| 5786 |
Update Release Documentation for KFW 3.2.2 |
| 5804 |
cc_initalize(ccapi_version_2) should return CC_BAD_API_VERSION not CC_NOT_SUPP |
| 5805 |
Add documentation for error codes used for flow control. |
| 5806 |
Removed NOP line of code from krb5_fcc_next_cred() |
| 5807 |
can't store delegated krb5 creds when using spnego |
| 5813 |
cc_ccache_store_credentials should return ccErrBadCredentialsVersion |
| 5814 |
cci_array_move not returning correct new position |
| 5815 |
ccs_lock_status_grant_lock granting wrong lock |
| 5822 |
fixed mispelling in kadmin error message |
| 5828 |
Include time.h for time() |
| 5835 |
Kerberos with apple leopard |
| 5863 |
[no subject] |
| 5864 |
improve debugging of ticket verification in ksu |
| 5867 |
krb-priv sequence numbers don't match up in retransmitted requests |
| 5872 |
Add ccs_pipe_compare |
| 5884 |
Need CCAPI v2 support for Windows |
| 5885 |
Remove AppleConnect workaround |
| 5894 |
krb5int_arcfour_string_to_key does not support utf-8 strings |
| 5899 |
Compiling krb5-1.6.3 on FreeBSD 7.0-RELEASE |
| 5900 |
ccs_ccache_reset should check all arguments for NULL |
| 5901 |
CCAPI v2 support crash when client or server strings are NULL |
| 5902 |
cci_cred_union_compare_to_credentials_union doesn't work for v5 creds |
| 5903 |
Fix pointer cast in cc_seq_fetch_NCs_end |
| 5904 |
cc_set_principal should return error on bad cred version |
| 5905 |
cc_remove_cred should only remove one cred |
| 5906 |
Fixed error code remapping |
| 5907 |
Removed tests for check_cc_context_get_version |
| 5908 |
Remove C warnings from CCAPI tests |
| 5909 |
Add CCAPI v2 tests |
| 5911 |
removed unused header file inclusion CoreFoundation.h |
| 5912 |
Invalid assignment while trying to set input to NULL |
| 5915 |
cc_ccache_iterator_release, cc_credentials_iterator_release leak server memory |
| 5920 |
CCacheServer should track client iterators |
| 5923 |
Protect CFBundle calls with mutexes |
| 5925 |
Windows socket(...) returns SOCKET, not file handle |
| 5926 |
Added prototype to test function to remove warning. |
| 5943 |
db creation creates a kadmin/hostname princ but doesn't fix case |
| 5947 |
krb5_walk_realm_tree broken substring logic |
| 5948 |
error in filebase+suffix list generation in plugin code |
| 5949 |
Don't leak memory when multiple arguments are NULL |
| 5954 |
ksu fails without domain_realm mapping for local host |
| 5960 |
Move KIM implementation to the krb5 repository |
| 5962 |
unchecked calls to k5_mutex_lock() interact poorly with finalizers |
| 5963 |
Profile library should not call rw_access earlier than needed |
| 5964 |
Re: Fwd: [modauthkerb] [SOLVED] 'Request is a replay' + Basic auth |
| 5966 |
signed vs unsigned char * warnings in kdb_xdr.c |
| 5967 |
No prototype when building kdb5_util without krb4 support |
| 5969 |
Add header for kill() in USE_PASSWORD_SERVER case |
| 5982 |
cci_credentials_iterator_release using wrong message ID |
| 5989 |
Add new launchd flags to CCacheServer plist file |
| 5990 |
kadm5_setkey_principal_3 not copying key_data_ver and key_data_kvno |
| 5992 |
incorporate Sun's incremental propagation code |
| 5993 |
Masterkey Keytab Stash |
| 5999 |
fix ktutil listing with timestamp |
| 6000 |
misc uninitialized-storage accesses |
| 6001 |
Big endian stash file support |
| 6002 |
krb5_rc_io_creat should use mkstemp |
| 6005 |
krb5_get_error_message returns const char * |
| 6009 |
kdc does not compile with glibc 2.8 |
| 6010 |
krb5int_gic_opte_copy should copy elements individually |
| 6011 |
Add EnableTransactions launchd option to CCacheServer |
| 6012 |
Add EnableTransactions launchd option to KerberosAgent |
| 6013 |
Stop building Kerberos.app as part of KfM. |
| 6015 |
gss_export_lucid_sec_context support for SPNEGO |
| 6016 |
SPNEGO workaround for SAMBA mech OID quirks |
| 6017 |
KDC virtual address support |
| 6019 |
Add signal to force KDC to check for changed interfaces |
| 6024 |
Don't use "ccache" in error string printed to user |
| 6025 |
Add macro so we don't print deprecated warnings while building KfM |
| 6026 |
CCacheServer crashes iterating over creds which have been destroyed |
| 6029 |
kadmind leaks error strings on failures |
| 6031 |
krb needs better realm lookup logic |
| 6032 |
test commit handler change |
| 6044 |
Add Apple Inc. to copyright lists. |
| 6052 |
Return extended krb5 error strings |
| 6055 |
KIM API |
| 6063 |
error in socket number range check in kdc |
| 6066 |
turn off thread-support debugging code |
| 6070 |
update DES code copyright notices |
| 6074 |
Use a valid UTF8 password for randkey password |
| 6075 |
Open log file for appending only, not also reading |
| 6076 |
Don't build PKINIT ASN.1 support code if not building PKINIT plugin |
| 6077 |
krb5_fcc_resolve file locking error on malloc failuer |
| 6080 |
mac port of kim should not depend on kipc |
| 6081 |
Conditionalize building of CCAPI ccache type on USE_CCAPI |
| 6083 |
profile write code should only quote empty strings |
| 6087 |
Notify clients on ccache deletion |
| 6088 |
Add support to send CFNotifications on ccache and cache collection changes |
| 6090 |
k5_mutex_destroy calls pthread_mutex_destroy with mutex locked |
| 6091 |
lean client changes |
| 6093 |
KIM should not provide keytab functions when building lite framework |
| 6094 |
CCAPI is leaking mach ports |
| 6101 |
compile-time flag to disable iprop |
| 6103 |
fix resource leak in USE_PASSWORD_SERVER code |
| 6108 |
A client can fail to get initial creds if it changes the password while doing so. |
| 6111 |
CCAPI should only use one pthread key |
| 6120 |
increase rpc timeout |
| 6121 |
dead code in lib/rpc/clnt_udp.c |
| 6131 |
Removed argument from kipc_client_lookup_server |
| 6133 |
don't do C99-style mixing declarations with code |
| 6138 |
Switch KfM back to error tables |
| 6140 |
CCAPI should use common ipc and stream code |
| 6142 |
KerberosAgent dialogs jump around the screen |
| 6143 |
KerberosAgent: Enter Identity text field shouldn't be clear automatically |
| 6144 |
KerberosAgent: ignore user interaction while busy |
| 6145 |
KerberosAgent attach associated dialogs to Select Identity dialog |
| 6146 |
Client name passed by KIM is incorrect |
| 6147 |
KerberosAgent Use Defaults button doesn't work |
| 6151 |
Don't touch keychain if home directory access is disabled |
| 6153 |
Add KLL error table |
| 6154 |
Hinge building KLL shim off KIM_TO_KLL_SHIM, not LEAN_CLIENT |
| 6155 |
KLLastChangedTime should return current time, not 0 |
| 6156 |
KLL shim layer does not correctly handle options |
| 6157 |
KIM should remember options and identity if prefs indicate |
| 6158 |
KerberosAgent should handle multiple clients simultaneously |
| 6159 |
KerberosAgent should handle zoom button better |
| 6160 |
KLL should use __attribute ((deprecated)) |
| 6162 |
kim_options_copy should allow in_options to be KIM_OPTIONS_DEFAULT |
| 6163 |
Crash in kim_credential_create_from_keytab |
| 6164 |
KL APIs which take a NULL principal return klParameterErr |
| 6165 |
kim_options_create sometimes returns KIM_OPTIONS_DEFAULT |
| 6166 |
preferences should handle KIM_OPTIONS_DEFAULT |
| 6168 |
prefs should not create empty dictionary for KIM_OPTIONS_DEFAULT |
| 6169 |
Missing keys in KerberosAgent Info.plist |
| 6170 |
change password should always reprompt on error |
| 6171 |
allow kim ui plugins to have any name |
| 6172 |
kim_ui_plugin_fini sends pointer to context instead of context. |
| 6175 |
always zero out authentication strings |
| 6176 |
Test KIM plugin |
| 6179 |
kim_os_string_create_localized leaks CFStringRef |
| 6181 |
Free error message returned by krb5_get_error_message |
| 6182 |
kim test suite reports error messages incorrectly |
| 6183 |
KerberosAgent enter identity dialog should use default |
| 6184 |
handle stash file names with missing keytab type spec and colon in path |
| 6185 |
Merge KerberosIPC into k5_mig support |
| 6186 |
Move GUI/CLI detection from KerberosIPC into KIM |
| 6187 |
use KIM_BUILTIN_UI instead of LEAN_CLIENT for builtin UI |
| 6189 |
remove unused variable in kim_ui_cli_ask_change_password |
| 6190 |
Use a context to store error table info |
| 6192 |
Treat unreadable terminal as user cancelled so regression tests work |
| 6193 |
Remap some of the more confusing krb5 errors |
| 6194 |
Double free and leak in kim_os_library_get_application_path |
| 6195 |
Added back KLL test programs |
| 6197 |
KLCreatePrincipalFromTriplet should work with empty instance |
| 6198 |
KerberosAgent continues to ignore mouse events after error |
| 6199 |
don't include "WRFILE:" in call to mktemp |
| 6201 |
small leak in KDC authdata plugins |
| 6202 |
kadmind leaks extended error strings |
| 6203 |
DELEG_POLICY_FLAG for GSS |
| 6210 |
pa_sam leaks parts of krb5_sam_challenge |
| 6211 |
pam_sam leaking outer krb5_data created by encode_krb5_sam_response |
| 6214 |
krb5_change_set_password not freeing chpw_rep contents |
| 6216 |
Free data in tests so leaks checking is easier |
| 6217 |
kim_preferences should free old identity before overwriting |
| 6218 |
kim_ccache_iterator_next leaks principal |
| 6219 |
kim_os_library_get_caller_name leaks file path |
| 6220 |
kim_identity_change_password_with_credential leaks krb5_creds |
| 6221 |
KerberosAgent should clear generic auth prompt |
| 6222 |
KerberosAgent enter dialog should add entered identities to favorites |
| 6224 |
KerberosAgent 'no selection' placeholder in ticket options |
| 6225 |
Remove ipc message sent on cc_context_release |
| 6226 |
KIM should only display error dialogs if it has displayed UI already |
| 6227 |
Apple LW_net_trans.patch make KDC rescan network after 30 seconds |
| 6231 |
Apple split build support |
| 6247 |
Apple patch: null out pointer in string_to_key after free |
| 6248 |
Apple patch: destroy Mach ports on unload |
| 6250 |
Use CFStringGetCStringPtr when possible |
| 6251 |
Add test for kim_identity_create_from_components |
| 6252 |
krb5_build_principal_va does not allocate krb5_principal |
| 6254 |
krb5_build_principal_ext walks off beginning of array |
| 6255 |
partial rewrite of the ASN.1 encoders |
| 6256 |
localize format strings, not final error string |
| 6260 |
KerberosAgent hangs changing pw for passwordless identities |
| 6261 |
Remove saved password if it fails to get tickets |
| 6262 |
Only prompt automatically from GUI apps |
| 6264 |
Avoid duplicate identical dialogs in KIM |
| 6265 |
KerberosAgent bindings causing crashes |
| 6266 |
BIND_8_COMPAT no longer needed in Leopard |
| 6267 |
Add _with_password credential acquisition functions to KIM API |
| 6274 |
Crypto IOV API per Projects/AEAD encryption API |
| 6282 |
krb5kdc deref uninit memory on the stack on unknown principal (pk-init) |
| 6285 |
Provide SPI to switch the mach port lookup for kipc |
| 6286 |
Allow kerberos configuration files fail with EPERM |
| 6289 |
replay cache is insecurely handled |
| 6290 |
KIM: Pushing authentication login window do application |
| 6291 |
Using referrals fills the the credentials cache more entries of the same name |
| 6294 |
lib/gssapi/krb5/init_sec_context.c: don't leak on mutex_lock failure |
| 6295 |
Memory leak in KIM identity object |
| 6297 |
"make check" fails due to krb5_cc_new_unique() on 64-bit Solaris SPARC under Sun Studio |
| 6302 |
kadmind mem leaks [rdar 6358917] |
| 6303 |
Remove krb4 support |
| 6308 |
Alignment problem in resolver test |
| 6309 |
update ldap plugin Makefile for krb4 removal |
| 6312 |
kg_ctx_internalize() gets some ordering wrong |
| 6313 |
Merge mskrb-integ onto trunk |
| 6315 |
move generated dependencies out of Makefile.in |
| 6316 |
KIM GC problem on 64-bit |
| 6335 |
test failures in password changing |
| 6336 |
enctype negotiation - etype list |
| 6337 |
kadmin should force non-forwardable tickets |
| 6339 |
Fwd: krb5_sendauth vs NAGLE vs DelayedAck |
| 6342 |
hash db2 code breaks if st_blksize > 64k |
| 6348 |
kadmin and ktutil installed in sbin, should be bin |
| 6349 |
lib/rpc tests should not fail if portmap/rpcbind not running |
| 6351 |
gss_header|trailerlen should be unsigned int |
| 6352 |
return correct kvno in TGS case |
| 6354 |
Master Key Migration Project |
| 6355 |
use t_inetd with a ready message and avoid waiting a lot in non-root tests |
| 6356 |
small storage leak in KDC startup |
| 6357 |
address lib/kadm5 test suite slowness |
| 6358 |
speed up kpasswd tests |
| 6360 |
utf8_conv.c: wrong level of indirection in free() |
| 6361 |
new multi-masterkey support doesn't work well when system clock is set back |
| 6362 |
don't do arithmetic on void pointers |
| 6363 |
int/ptr bug in gssapi code |
| 6364 |
declare replacement [v]asprintf functions |
| 6365 |
include omitted system header string.h |
| 6367 |
Fix a memory leak in krb5_kt_resolve |
| 6368 |
chpw.c: missing break in switch statement |
| 6370 |
Fix assertion in gc_frm_kdc.c |
| 6371 |
deal with memleaks in migrate mkey project |
| 6372 |
Fix memory handling bug in mk_req_ext |
| 6373 |
remove some redundant or useless qualifiers |
| 6374 |
Do not assume sizeof(bool_t) == sizeof(krb5_boolean) |
| 6375 |
Fix error handling in krb5_walk_realm_tree |
| 6376 |
Memory handling fixes in walk_rtree |
| 6377 |
make krb5_free_* functions ignore NULL |
| 6378 |
Change contract of krb5int_utf8_normalize and fix memory leaks |
| 6379 |
Fix possible free of uninitialized value in walk_rtree |
| 6390 |
--disable-rpath is not working |
| 6392 |
Fix allocation failure check in walk_rtree |
| 6393 |
Implement TGS authenticator subkey support |
| 6397 |
use macros for config parameter strings |
| 6398 |
remove obsolete GNU.ORG realm info |
| 6400 |
GSSAPI authdata extraction should merge ticket and authenticator authdata |
| 6401 |
send_as_req re-encodes the request |
| 6402 |
CVE-2009-0845 SPNEGO can dereference a null pointer |
| 6403 |
kdb5_ldap_util create segfaults when krb5_dbekd_encrypt_key_data() called |
| 6405 |
fixing several bugs relating to the migrate mkey project using a LDAP KDB |
| 6407 |
Make a working krb5_copy_error_message |
| 6408 |
Report verbose error messages from KDC |
| 6412 |
crash using library-allocated storage for header in wrap_iov |
| 6415 |
Use correct salt for canonicalized principals |
| 6418 |
Improve LDAP admin documentation |
| 6419 |
Document alias support in LDAP back end |
| 6420 |
Add LDAP back end support for canonical name attribute |
| 6421 |
Implement KRB-FX_CF2 |
| 6422 |
Implement krb5int_find_authdata |
| 6423 |
krb5_auth_con_free should support freeing a null auth_context without segfault. |
| 6424 |
Call kdb_set_mkey_list from the KDC |
| 6425 |
Memory leak cleanup in ASN.1 |
| 6427 |
Fix error handling issue in ASN.1 decoder |
| 6431 |
Install kadmin and kdb headers |
| 6432 |
Update kdb5_util man page for mkey migration project |
| 6435 |
Add PAC and principal parsing test cases |
| 6436 |
Implement FAST from draft-ietf-krb-wg-preauth-framework |
| 6437 |
mark export grade RC4 as weak |
| 6438 |
Handle authdata encrypted in subkey |
| 6439 |
Implement KDC side of TGS FAST |
| 6442 |
Null pointer defref in adding info |
| 6443 |
CVE-2009-0844 SPNEGO can read beyond buffer end |
| 6444 |
CVE-2009-0847 asn1buf_imbed incorrect length validation |
| 6445 |
CVE-2009-0846 asn1_decode_generaltime can free uninitialized pointer |
| 6449 |
Fall through on error return |
| 6450 |
kdc: handle_referral_params does not return ENOMEM errors |
| 6451 |
Update defaults in documentation |
| 6452 |
Document allow_weak_crypto |
| 6456 |
fix memory management in handle_referral_params |
| 6457 |
KDC realm referral test |
| 6458 |
use isflagset correctly in TGS referrals |
| 6459 |
Update kdb5_util man page with missing purge_mkeys command |
| 6460 |
Implement kinit option for FAST armor ccache |
| 6461 |
Require fast_req checksum to be keyed |
| 6462 |
clean up KDC realm referrals error handling |
| 6463 |
realm referral test cases forcing KRB5_NT_UNKNOWN |
| 6464 |
verify return code from krb5_db_set_mkey_list |
| 6465 |
send_tgs.c static analyzer friendliness |
| 6466 |
check encode_krb5_ap_req return in send_tgs.c |
| 6467 |
new copy_data_contents variant that null-terminates |
| 6468 |
k5_utf8s_to_ucs2s could deref NULL pointer... |
| 6469 |
fcc_generate_new destroys locked mutex on error |
| 6470 |
Send explicit salt for SALTTYPE_NORMAL keys |
| 6472 |
typo in ksu error message |
| 6473 |
strip ok-as-delegate if not in cross-realm TGT chain |
| 6474 |
move kadmin, ktutil, k5srvutil man pages to man1 |
| 6475 |
Adding keys to malformed keytabs can infinitely extend the file |
| 6477 |
make installed headers C++-safe |
| 6478 |
Fix handling of RET_SEQUENCE flag in mk_priv/mk_ncred |
| 6479 |
Add DEBUG_ERROR_LOCATIONS support |
| 6480 |
Do not return PREAUTH_FAILED on unknown preauth |
| 6482 |
Allow more than 10 past keys to be stored by a policy |
| 6483 |
man1 in title header for man1 manpages |
| 6484 |
work around Heimdal not using subkey in TGS-REP |
| 6485 |
document ok_as_delegate in admin.texinfo |
| 6486 |
t_pac fails on SPARC Solaris |
| 6488 |
NFS fails to work with KRB5 1.7 |
| 6489 |
UCS2 support doesn't handle upper half of BMP |
| 6490 |
Windows interop with RC4 TGS-REQ subkeys |
| 6492 |
Remove spurious assertion in handle_authdata |
| 6493 |
some fixes for 1.7 |
| 6495 |
Fix test rules for non-gmake make versions |
| 6496 |
Fix vector initialization error in KDC preauth code |
| 6497 |
kinit/fast usage message |
| 6498 |
spnego_mech.c syntax error under _GSS_STATIC_LINK |
| 6499 |
use printf format attribute only with gcc |
| 6500 |
use correct type for krb5_c_prf_length length arg |
| 6501 |
Temporarily disable FAST PKINIT for 1.7 release |
| 6502 |
typo in doc/api/krb5.tex |
| 6503 |
typo in admin.texinfo |
RT for krbdev.mit.edu