I guess I should use an old beta announcement as the boilerplate instead of an old release announcement.
Kevin -----Original Message----- The MIT Kerberos Development Team and Secure Endpoints Inc. are proud to announce the first beta release of MIT's Kerberos for Windows product, Version 3.2.2. Please send bug reports and feedback to [EMAIL PROTECTED] What's New in KFW 3.2.2 ======================= * Network Identity Manager Application o Application window always raised when prompting for new credentials, so prompt is not obscured by other windows. o Password entry field accepts 1024 characters. o Add --show and --hide command line options. o Defines a new color schema. Color values are no longer imported from the user's desktop theme. o Notification icon reflects status of the default identity instead of all identities. * Credential Cache API changes o The CCAPI implementation is now compatible with Windows Terminal Server. * Kerberos v5 Library Improvements o Based on krb5-1.6.3. o MSLSA: ccache properly translates Unicode strings to the local ANSI character set. o krb5_get_profile() is exported from krb5_32.dll. * Installer Changes o Remove the registration requirement for administrative installations when using the MSI installer. o MSVC DLLs include DST 2007 changes. * Build system changes o NIM Schema files can now support external file inclusion. o Add static ordinals to DLL exports. o krbcc credential cache api implementation can now be compiled with Microsoft Visual Studio 2005. o Enable builds on 64 bit Windows. o NIM API version is now 10. For descriptions of changes to earlier versions, see the release notes for each version, at http://web.mit.edu/kerberos/dist/index.html#kfw-3.2. KFW 3.2.2 will be released by October 28, 2007, when the MSVC DLLs with DST changes will be needed. Supported Versions of Microsoft Windows ======================================= This release requires 32-bit editions of Microsoft Windows 2000 and higher or the WOW64 environment of 64-bit editions of Microsoft Windows XP and higher. Downloads ========= Binaries and source code can be downloaded from the MIT Kerberos web site: http://web.mit.edu/kerberos/dist/index.html Important notice regarding Kerberos 4 support ============================================= In the past few years, several developments have shown the inadequacy of the security of version 4 of the Kerberos protocol. These developments have led the MIT Kerberos Team to begin the process of ending support for version 4 of the Kerberos protocol. The plan involves the eventual removal of Kerberos 4 support from the MIT implementation of Kerberos. The Data Encryption Standard (DES) has reached the end of its useful life. DES is the only encryption algorithm supported by Kerberos 4, and the increasingly obvious inadequacy of DES motivates the retirement of the Kerberos 4 protocol. The National Institute of Standards and Technology (NIST), which had previously certified DES as a US government encryption standard, has officially announced[1] the withdrawal of the Federal Information Processing Standards (FIPS) for DES. NIST's action reflects the long-held opinion of the cryptographic community that DES has too small a key space to be secure. Breaking DES encryption by an exhaustive search of its key space is within the means of some individuals, many companies, and all major governments. Consequently, DES cannot be considered secure for any long-term keys, particularly the ticket-granting key that is central to Kerberos. Serious protocol flaws[2] have been found in Kerberos 4. These flaws permit attacks which require far less effort than an exhaustive search of the DES key space. These flaws make Kerberos 4 cross-realm authentication an unacceptable security risk and raise serious questions about the security of the entire Kerberos 4 protocol. The known insecurity of DES, combined with the recently discovered protocol flaws, make it extremely inadvisable to rely on the security of version 4 of the Kerberos protocol. These factors motivate the MIT Kerberos Team to remove support for Kerberos version 4 from the MIT implementation of Kerberos. The process of ending Kerberos 4 support began with release 1.3 of MIT Kerberos 5. In release 1.3, the default run-time configuration of the KDC disables support for version 4 of the Kerberos protocol. Release 1.4 of MIT Kerberos continues to include Kerberos 4 support (also disabled in the KDC with the default run-time configuration). We intend to completely remove Kerberos 4 support from MIT Kerberos for Windows 4.0. The MIT Kerberos Team has ended active development of Kerberos 4, except for the eventual removal of all Kerberos 4 functionality. We will continue to provide critical security fixes for Kerberos 4, but routine bug fixes and feature enhancements are at an end. ** The MIT Kerberos Team has decided that the MIT Kerberos for ** Windows 3.x release series will be the last versions to contain ** Kerberos 4 support. Beginning with 4.0 release, MIT Kerberos for ** Windows will be Kerberos 5 only. At that time MIT will repackage ** the existing Kerberos 4 libraries in a stand-alone installer for ** those organizations that require continued use of Kerberos 4. ** MIT KFW 4.0 is targeted for release during the first quarter of ** 2008. We recommend that any sites which have not already done so begin a migration to Kerberos 5. Kerberos 5 provides significant advantages over Kerberos 4, including support for strong encryption, extensibility, improved cross-vendor interoperability, and ongoing development and enhancement. If you have questions or issues regarding migration to Kerberos 5, we recommend discussing them on the [EMAIL PROTECTED] mailing list. References [1] National Institute of Standards and Technology. Announcing Approval of the Withdrawal of Federal Information Processing Standard (FIPS) 43-3, Data Encryption Standard (DES); FIPS 74, Guidelines for Implementing and Using the NBS Data Encryption Standard; and FIPS 81, DES Modes of Operation. Federal Register 05-9945, 70 FR 28907-28908, 19 May 2005. DOCID:fr19my05-45 [2] Tom Yu, Sam Hartman, and Ken Raeburn. The Perils of Unauthenticated Encryption: Kerberos Version 4. In Proceedings of the Network and Distributed Systems Security Symposium. The Internet Society, February 2004. http://web.mit.edu/tlyu/papers/krb4peril-ndss04.pdf _______________________________________________ kfwdev mailing list kfwdev@mit.edu http://mailman.mit.edu/mailman/listinfo/kfwdev