Release Notes: This release adds support for overriding the configuration via a few environment variables. Experimental KDC now supports non-default ticket life lengths. Nettle is preferred over Libgcrypt. The pkg-config script no longer specifies -R. Files copied from libtasn1 and gnulib were updated.
Release Notes: Random sequence numbers are added to Authenticator/EncAPRepPart by default. Low-level crypto fixes were made to AES-CTS mode. Many cleanups were done.
Release Notes: The high-level AP interface now supports setting raw checksum field values.
Release Notes: The cryptographic salt computation in Shisa was fixed. The cryptographic key file parser in Shisa was fixed to handle keys with leading white space. A command line parser crash in Shishid was fixed.
Release Notes: The user database supports multiple keys per user. The Kerberos server (KDC) supports TLS resumption, which improves handshake speed. The manual documents the Shisa user database API. There are error handling and various other improvements to the KDC.
Release Notes: The client and server (KDC) now support X.509 authentication via TLS. The manual was updated and now contains a walk-through on setting up a Kerberos CA, as well as a walk-through on generating certificates for kerberos clients/KDCs.
Release Notes: A modularized database backend called Shisa was added, designed to allow support for LDAP, SQL, etc. The Kerberos server was modified to use the new database system. The library now handles poorly synchronized clocks better. Support for (3)DES without integrity checking has been re-added for the GSS library. There are many additions to the manual. Client and server communication can be protected by TLS (new in 0.0.8).
Release Notes: Support for DES-CBC-CRC and ARCFOUR encryption types has been added. Short-hand aliases (e.g. "aes") can be used instead of the full encryption type names (e.g. "aes256-cts-hmac-sha1-96").
Release Notes: Proxiable, proxy, forwardable, and forwarded tickets are supported. Man pages for all public functions are included. Installed versions of Libgcrypt and libtasn1 used where possible. It is possible to enable and disable specific cipher suites at compile time. The internal crypto interface is now fully modularized. The logging destination for warnings and informational messages can be changed.
Release Notes: Integrity/privacy protected application exchanges (SAFE/PRIV) are supported. Server host name to realm mapping via DNS is supported. A Reference Manual was added.