Skip Menu |
3973 kdb5_util load now fails if db doesn't exist [workaround]
5468 delete kadmin v1 support
5869 add_principals -randkey and default_principal_flags = +preauth don't get along
6206 new API for storing extra per-principal data in ccache
6353 disable single-DES by default
6434 krb5_cc_resolve() will crash if a null name param is provided
6454 Make krb5_mkt_resolve error handling work
6510 Restore limited support for static linking
6539 Enctype list configuration enhancements
6546 KDB should use enctype of stashed master key
6547 Modify kadm5 initializers to accept krb5 contexts
6563 Implement s4u extensions
6564 s4u extensions integration broke test suite...
6565 HP-UX IA64 wrong endian
6572 Implement GSS naming extensions and authdata verification
6576 Implement new APIs to allow improved crypto performance
6577 Account lockout for repeated login failures
6578 Heimdal DB bridge plugin for KDC back end
6580 Constrained delegation without PAC support
6582 Memory leak in _kadm5_init_any introduced with ipropd
6583 Unbundle applications into separate repository
6586 libkrb5 support for non-blocking AS requests
6590 allow testing even if name->addr->name mapping doesn't work
6591 fix slow behavior on Mac OS X with link-local addresses
6592 handle negative enctypes better
6593 Remove dependency on /bin/csh in test suite
6595 FAST (preauth framework) negotiation
6597 Add GSS extensions to store credentials, generate random bits
6598 gss_init_sec_context potential segfault
6599 memory leak in krb5_rd_req_decrypt_tkt_part
6600 gss_inquire_context cannot handle no target name from mechanism
6601 gsssspi_set_cred_option cannot handle mech specific option
6602 gss_accept_sec_context cannot handle non-SPNEGO creds when using SPNEGO
6603 issues with SPNEGO
6605 PKINIT client should validate SAN for TGS, not service principal
6606 allow testing when offline
6607 anonymous PKINIT
6616 Fix spelling and hyphen errors in man pages
6618 Support optional creation of PID files for krb5kdc and kadmind
6620 kdc_supported_enctypes does nothing; eradicate mentions thereof
6621 disable weak crypto by default
6622 kinit_fast fails if weak enctype is among client principal keys
6623 Always treat anonymous as preauth required
6624 automated tests for anonymous pkinit
6625 yarrow code does not initialize keyblock enctype and uses unitialized value
6626 Restore interoperability with 1.6 addprinc -randkey
6627 Set enctype in crypto_tests to prevent memory leaks
6628 krb5int_dk_string_to_key fails to set enctype
6629 krb5int_derive_key results in cache with uninitialized values
6630 krb5int_pbkdf2_hmac_sha1 fails to set enctype on keyblock
6632 Simplify and fix FAST check for keyed checksum type
6634 Use keyed checksum type for DES FAST
6640 Make history key exempt from permitted_enctypes
6642 Add test program for decryption of overly short buffers
6643 Problem with krb5 libcom_err vs. system libcom_err
6644 Change basename of libkadm5 libraries to avoid Heimdal conflict
6645 Add krb5_allow_weak_crypto API
6648 define MIN() in lib/gssapi/krb5/prf.c
6649 Get rid of kdb_ext.h and allow out-of-tree KDB plugins
6651 Handle migration from pre-1.7 databases with master key kvno != 1 (1.8 pullup)
6652 Make decryption of master key list more robust
6653 set_default_enctype_var should filter not reject weak enctypes
6654 Fix greet_server build
6655 Fix cross-realm handling of AD-SIGNEDPATH
6656 krb5int_fast_free_state segfaults if state is null
6657 enc_padata can include empty sequence
6658 Implement gss_set_neg_mechs
6659 Additional memory leaks in kdc
6660 Minimal support for updating history key
6662 MITKRB5-SA-2010-001 CVE-2010-0283 KDC denial of service
6663 update mkrel to deal with changed source layout
6665 Fix cipher state chaining in OpenSSL back end
6667 Problem with krb5 libcom_err vs. system libcom_err
6669 doc updates for allow_weak_crypto
6691 krb524 source code is missing from krb5-1.8 tarball