[3990] in Kerberos
Release of Kerberos Beta 4 patchlevel 3
daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Wed Oct 5 02:53:56 1994
Date: Wed, 5 Oct 1994 00:41:13 +0500
From: Theodore Ts'o <tytso@MIT.EDU>
To: kerberos@MIT.EDU
I am pleased to announce the release of Kerberos V5, Beta 4 patchlevel
3. It can be found via anonymous ftp from athena-dist.mit.edu, in the
directory /pub/kerberos. The file README.KRB5_BETA4 will provide
further instructions of how to pickup the new release.
There have been numberous bugs fixed in pl3; the most significant of
which is a that a very severe security hole related to inter-realm
authentication has been fixed. The hole was noticed by myself and Cliff
Neumann, and CyberSAFE corporation donated the code necessary to fix it.
Many thanks to CyberSAFE and to Tony Andrea at CyberSAFE, who actually
performed the coding.
pl3 should be more portable; we've been gradually incorporating
portability patches submitted to us, as well as increasing the number of
platforms which we use in-house to test things out. There are still a
whole host of portability fixes which haven't made it in yet, so please
be patient. appl/bsd is perhaps the worst offender in this regard; I
intend to see that it is significantly improved for pl4.
-----------------------------------------------------
Please note that pl3 use a new database encoding format, version 2.0.
pl3 can read Kerberos database entries created by previous versions
(both 1.0 and 0.0), but will only write database entries in the new
format. Hence, while you are testing pl3, please make sure that you do
not modify your Kerberos database, using either kdb5_edit or the kadmin
server, until you are sure that you will not need to back out pl3.
Alternatively, you can save a copy of pl2's kdb5_edit program, and you
can then backout to the pl2 format by using the pl3 kdb5_edit to dump
the database in ASCII format, and then using the pl2 kdb5_edit to reload
the database.
Once you are satisified with pl3, I suggest that you dump the database
using kdb5_edit's dump_db command, and then reload it using kdb5_edit'sl
oad_db command. This will ensure that all database records are
rewritten using the newest format. This is an important thing to do,
since future releases additional database format changes, and the
backwards compatibility support for database entry versions 1.0 and 0.0
will eventually be phased out.
-----------------------------------------------------
Good luck! and Enjoy!!
As always, bugs and patches should be sent to krb5-bugs@athena.mit.edu.
I look forward to your comments.
- Ted
