Version 1.1 of Heimdal

1.1

08 May 2008 13:23

Release Notes: Read-only PKCS11 provider is built in to hx509. Documentation for hx509, hcrypto, and ntlm libraries was improved. Better compatibilty with Windows 2008 Server pre-releases and Vista. Mac OS X 10.5 support for native credential cache. A pkg-config file for Heimdal (heimdal-gssapi.pc). Several bugs were fixed.

1.0.1

09 Aug 2007 08:30

Release Notes: Several bugs in iprop were fixed. Platforms without dlopen are now supported. RFC3526 modp group14 is now included by default. [kdc] database = { } entries are now handled without realm = stanzas. krb5_get_renewed_creds and kaserver preauth were fixed along with other bugs.

1.0

05 Aug 2007 16:39

Release Notes: A new gss_pseudo_random() function for mechglue and krb5 has been added, and the session key for the krbtgt is now selected by the client's best encryption type. Interoperability with other PK-INIT implementations has improved, and there is inital support for Mac OS X Keychain for hx509, as well as alias support for inital ticket requests. Symbol versioning has been added to selected libraries on platforms that use the GNU link editor: gssapi, hcrypto, heimntlm, hx509, krb5, and libkdc. A new version of imath is included in hcrypto. Some memory leaks and other bugs were also fixed.

0.7.2

13 Jan 2007 07:02

Release Notes: This release fixes a security problem in rshd that enabled an attacker to overwrite and change ownership of any file that root could write. It fixes a DOS in telnetd. It makes gss_acquire_cred(GSS_C_ACCEPT) check that the requested name exists in the keytab before returning success. (This allows servers to check if it's even possible to use GSSAPI.) It fixes the receiving end of token delegation for GSS-API. It still wrongly uses subkey for sending, for compatibility reasons. telnetd, login, and rshd are now more verbose in logging failed and successful logins.