Heimdal 0.8

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Heimdal 0.8

Love Hörnquist Åstrand

The superstitions gatekeeper had some bad luck, slipped on cvs and had
a horrible fall down on the release script.

In the confusion, Heimdal 0.8 escaped out the door and ran for the
freedom of certificates, digest processing, very big integers, and the
twisty maze of IMPLICIT encoded ASN.1 datagrams.
Changes in release 0.8

* PK-INIT support.

* HDB extensions support, used by PK-INIT.

* New ASN.1 compiler.

* GSS-API mechglue from FreeBSD.

* Updated SPNEGO to support RFC4178.

* Support for Cryptosystem Negotiation Extension (RFC 4537).

* A new X.509 library (hx509) and related crypto functions.

* A new ntlm library (heimntlm) and related crypto functions.

* Updated the built-in crypto library with bignum support using
    imath, support for RSA and DH and renamed it to libhcrypto.

* Subsystem in the KDC, digest, that will perform the digest
    operation in the KDC, currently supports: CHAP, MS-CHAP-V2, SASL
    DIGEST-MD5 NTLMv1 and NTLMv2.

* KDC will return the "response too big" error to force TCP retries
    for large (default 1400 bytes) UDP replies.  This is common for
    PK-INIT requests.

* Libkafs defaults to use 2b tokens.

* Default to use the API cache on Mac OS X.

* krb5_kuserok() also checks ~/.k5login.d directory for acl files,
    see manpage for krb5_kuserok for description.

* Many, many, other update to code and info manual and manual pages.

* Bug fixes

You can find the source code here:


Binary package for Mac OS X


Thanks to those reporting bugs and those that tested the release.

Assar, Jacques, Johan, Love, Luke