- We now install the compile_et program, so other packages can use the installed com_err library with their own error tables. (If you use our com_err code, that is; see below.)
- The header files we install now assume ANSI/ISO C ('89, not '99). We have stopped testing on SunOS 4, even with gcc. Some of our code now has C89-based assumptions, like free(NULL) being well defined, that will probably frustrate any attempts to run this code under SunOS 4 or other pre-C89 systems.
- Some new code, bug fixes, and cleanup for IPv6 support. Most of the code should support IPv6 transparently now. The RPC code (and therefore the admin system, which is based on it) does not yet support IPv6. The support for Kerberos 4 may work with IPv6 in very limited ways, if the address checking is turned off. The FTP client and server do not have support for the new protocol messages needed for IPv6 support (RFC 2429).
- We have upgraded to autoconf 2.52 (or later), and the syntax for specifying certain configuration options have changed. For example, autoconf 2.52 configure scripts let you specify command-line options like "configure CC=/some/path/foo-cc", so we have removed some of our old options like --with-cc in favor of this approach.
- The client libraries can now use TCP to connect to the KDC. This may be necessary when talking to Microsoft KDCs (domain controllers), if they issue you tickets with lots of PAC data.
- If you have versions of the com_err or ss installed locally, you can use the --with-system-et and --with-system-ss configure options to use them rather than using the versions supplied here. Note that the interfaces are assumed to be similar to those we supply; in particular, some older, divergent versions of the com_err library may not work with the krb5 sources. Many configure-time variables can be used to help the compiler and linker find the installed packages; see the build documentation for details.
- The AES cryptosystem has been implemented. However, support in the Kerberos GSSAPI mechanism has not been written (or even fully specified), so it's not fully enabled. See the documentation for details.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.