Opened 8 years ago

Closed 8 years ago

#5690 closed enhancement (fixed)

krb5-1.13

Reported by: Fernando de Oliveira Owned by: Fernando de Oliveira
Priority: normal Milestone: 7.7
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13-signed.tar

http://web.mit.edu/kerberos/krb5-1.13/krb5-1.13.html

Administrator experience:

  Add support for accessing KDCs via an HTTPS proxy server using the
  MS-KKDCP protocol.
  Add support for hierarchical incremental propagation, where slaves can
  act as intermediates between an upstream master and other downstream
  slaves.
  Add support for configuring GSS mechanisms using /etc/gss/mech.d/*.conf
  files in addition to /etc/gss/mech.
  Add support to the LDAP KDB module for binding to the LDAP server using
  SASL.
  The KDC listens for TCP connections by default.
  Fix a minor key disclosure vulnerability where using the "keepold"
  option to the kadmin randkey operation could return the old keys.
  [CVE-2014-5351] 

User experience:

  Add client support for the Kerberos Cache Manager protocol. If the host
  is running a Heimdal kcm daemon, caches served by the daemon can be
  accessed with the KCM: cache type.
  When built on OS X 10.7 and higher, use "KCM:" as the default cache
  type, unless overridden by command-line options or krb5-config values. 

Performance:

  Add support for doing unlocked database dumps for the DB2 KDC back end,
  which would allow the KDC and kadmind to continue accessing the
  database during lengthy database dumps.

Change History (2)

comment:1 by Fernando de Oliveira, 8 years ago

Owner: changed from blfs-book@… to Fernando de Oliveira
Status: newassigned

comment:2 by Fernando de Oliveira, 8 years ago

Resolution: fixed
Status: assignedclosed

Fixed at r14635.

Note: See TracTickets for help on using tickets.