[55] in Kerberos
New release
jon@ATHENA.MIT.EDU (jon@ATHENA.MIT.EDU)
Sun Aug 9 21:20:26 1987
From bcn@ATHENA.MIT.EDU Tue Aug 19 21:57:25 1986
From: Clifford Neuman <bcn@ATHENA.MIT.EDU>
Date: Tue, 19 Aug 86 19:53:53 EDT
To: geer
Subject: New release
Cc: asp, kerberos
There is a new version of kerberos available for friendly testers and
others who want it. It can be found in ~auth/src/kerberos.tar on
menelaus. As before, to use it, untar this file where you want the
new kerberos directory to go. The tar file will create the directory
for you. If you already have a local kerberos directory, delete it,
or move it before untaring the new release. Once untared, set the
symbolic link "/krb" to point to the new directory.
If you are on a workstation and don't want the .a or .h files, feel
free to delete them. It will give you back considerable space.
WARNING: if you run the old version of kinit you must use the old
verions of rlogin, rcp, etc, and vice versa. Using different versions
of these commands will result in a segmentation fault because of
(infinite recursion).
The new release provides the following:
krb.conf This file specifies your local realm on the first line
and the kerbeors servers for various realms on the
following lines. Warning: If not hosts are specified
for the default realm, kinit will time out real fast
as it "retries each of them" multiple times.
kinit no longer prints a message except for failures, or if you
specify the "-c" (confirmation) flag. It also allows you
specify a realm with the "-r" flag. This only works if
you have hosts listed in /etc/krb.conf for that realm.
kinit will also now try multiple kerberos servers if
more than one has been specified in /krb.conf.
kdestroy has a "-q" (quiet) and a "-f" (force) option. The
quiet option suppresses printing ^Gs wheras the force
option keeps it from printing anything. Also, thanks
to wesommer, kdestroy no zeroes the ticket file before
unlinking it.
klogind Assorted bug fixes.
kshd
rlogin
rcp
rsh
-----
realms Are now supported. You should not hardcode realm
names when using kerberos. You can, instead, use the
routine krb_getrlm(s,1) to write the current realm
(from krb.conf) into the string pointed to by s. The
length of this string should be REALM_SZ.
prot v4 The initial exchange of tickets now uses protocol
version 4. This limits the number of tickets
requested to 1. The change will alow the kerberos
server to be more resistant to errors since the lentgh
of its response is now bounded. The increment in
ther version number effects other exchanges as well.
Version three will be phased out and no longer
supported sometome around the 27th.
