Kerberos Client Version D.1.3.5.07 Release Notes
Kerberos Client D.1.3.5.07 Release Notes
What Is New in This Version
Chapter 1 11
What Is New in This Version
Kerberos Client D.1.3.5.07 is a defect-fix release and does not contain
any new features. For more information on the defects fixed in this
release, see “Defect Fixes in This Version” on page 17.
Features Supported From Kerberos Client Version
1.3.5
Kerberos Client version D.1.3.5.07 also supports the following features
from Kerberos Client version 1.3.5:
• SASL/GSS-API bind to Netscape Directory Server used to fail when
SSL was enabled
• Support for powerful cryptographic algorithms
This version of Kerberos Client software supports 3DES, AES, and
RC4
• Support for IPv6
IPv6 support is enabled on this version of Kerberos Client software
• Support for TCP
Kerberos Client libraries can now use TCP to connect to the Key
Distribution Center (KDC). Libraries can use TCP to communicate
with Microsoft KDCs (domain controllers) if they issue tickets with
excess PAC data.
• Security fixes up to version 1.6.1 made by MIT in the open source
version of Kerberos Client.
• Administrators can now control the behavior of Kerberized login
applications that call the krb5_kuserok() API provided by the
libkrb5.sl library. In earlier versions of Kerberos Client,
krb5_kuserok()checked the .k5login file in the user's home
directory for access permissions. This enabled users to modify the
.k5login file and allow access to other users.
Administrators can now create files with the name
.k5login.<username> in the /etc/krb5/ directory. Administrators
can also create symbolic links pointing to the .k5login file in the
user’s home directory. If the /etc/krb5 directory does not exist