[772] in Kerberos
Patch #5 now available
daemon@TELECOM.MIT.EDU (John T Kohl)
Thu Aug 3 17:06:17 1989
From: John T Kohl <jtkohl@ATHENA.MIT.EDU>
To: kerberos@ATHENA.MIT.EDU
A fifth set of patches is now available from ATHENA-DIST.MIT.EDU, either
by anonymous FTP or by archive server mail retrieval.
Anonymous FTP:
connect to ATHENA-DIST.MIT.EDU, retreive /pub/kerberos/patch5
Archive server mail retrieval:
send a mail message with a subject 'send krb-code patch5' to
archive-server@ATHENA-DIST.MIT.EDU
John Kohl <jtkohl@ATHENA.MIT.EDU>
Digital Equipment Corporation/Project Athena
CHANGES in this patch file:
- clean up ext_srvtab
- patches for Ultrix 3.0 on DECstation 3100
- new key changing utility for srvtab's
- clean up kadmin server routines for inter-realm operation
- clean up kadmin client programs for inter-realm operation
*** important: you should use kdb_edit to change the
maximum lifetime of your administrators' instances
to something short (5 or 10 minutes, value of 1 or 2)
so that the kadmin client doens't leave long-lived
tickets in the ticket cache ***
- make the determination of the current realm depend on the current
ticket file (library changes, plus some user-code changes).
this means that kinit -r is now useful, without changing
/etc/krb.conf
- clean up ksrvtgt
- only verify master key once (instead of twice) in most cases
- decouple decryption routine from krb_get_int_tkt to allow
alternate methods
- turn on realm-checking code in read_service_key()
- update program man pages
- clear out session keys in one case in kerberos (missing
before)
- rename library archive before rebuilding to avoid redefinition
problems with long file names
- add option to make debugging (-g) libraries not strip out
debugging symbols
- add option to specify lint library creation flag
