kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
freebsd-ports/security/krb5-117/pkg-plist

178 lines
3.9 KiB
Text
Raw Normal View History

Welcome the new KRB5 1.17 (krb5-117). Major changes in 1.17 (2019-01-08) ================================== Administrator experience: * A new Kerberos database module using the Lightning Memory-Mapped Database library (LMDB) has been added. The LMDB KDB module should be more performant and more robust than the DB2 module, and may become the default module for new databases in a future release. * "kdb5_util dump" will no longer dump policy entries when specific principal names are requested. Developer experience: * The new krb5_get_etype_info() API can be used to retrieve enctype, salt, and string-to-key parameters from the KDC for a client principal. * The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise principal names to be used with GSS-API functions. * KDC and kadmind modules which call com_err() will now write to the log file in a format more consistent with other log messages. * Programs which use large numbers of memory credential caches should perform better. Protocol evolution: * The SPAKE pre-authentication mechanism is now supported. This mechanism protects against password dictionary attacks without requiring any additional infrastructure such as certificates. SPAKE is enabled by default on clients, but must be manually enabled on the KDC for this release. * PKINIT freshness tokens are now supported. Freshness tokens can protect against scenarios where an attacker uses temporary access to a smart card to generate authentication requests for the future. * Password change operations now prefer TCP over UDP, to avoid spurious error messages about replays when a response packet is dropped. * The KDC now supports cross-realm S4U2Self requests when used with a third-party KDB module such as Samba's. The client code for cross-realm S4U2Self requests is also now more robust. User experience: * The new ktutil addent -f flag can be used to fetch salt information from the KDC for password-based keys. * The new kdestroy -p option can be used to destroy a credential cache within a collection by client principal name. * The Kerberos man page has been restored, and documents the environment variables that affect programs using the Kerberos library. Changes to the FreeBSD krb5* ports include: * CONFLICTS updated in krb5-115 and krb5-116 taking krb5-117 in consideration. * The default krb5 port is now krb5-117. * MIT's practice is to EOL KRB5 n-2. krb5-115 is deprecated and set to expire Jan 31, 2020.
2019-01-08 21:29:34 +01:00
bin/compile_et
bin/gss-client
bin/k5srvutil
bin/kadmin
bin/kdestroy
bin/kinit
bin/klist
bin/kpasswd
bin/krb5-config
@mode 04755
@owner root
@group wheel
bin/ksu
@mode
@owner root
@group wheel
bin/kswitch
bin/ktutil
bin/kvno
bin/sclient
bin/sim_client
bin/uuclient
include/com_err.h
include/gssapi.h
include/gssapi/gssapi.h
include/gssapi/gssapi_ext.h
include/gssapi/gssapi_generic.h
include/gssapi/gssapi_krb5.h
include/gssapi/mechglue.h
include/gssrpc/auth.h
include/gssrpc/auth_gss.h
include/gssrpc/auth_gssapi.h
include/gssrpc/auth_unix.h
include/gssrpc/clnt.h
include/gssrpc/netdb.h
include/gssrpc/pmap_clnt.h
include/gssrpc/pmap_prot.h
include/gssrpc/pmap_rmt.h
include/gssrpc/rename.h
include/gssrpc/rpc.h
include/gssrpc/rpc_msg.h
include/gssrpc/svc.h
include/gssrpc/svc_auth.h
include/gssrpc/types.h
include/gssrpc/xdr.h
include/krad.h
include/krb5.h
include/krb5/ccselect_plugin.h
include/krb5/clpreauth_plugin.h
include/krb5/hostrealm_plugin.h
include/krb5/kadm5_hook_plugin.h
include/krb5/kdcpolicy_plugin.h
include/krb5/kdcpreauth_plugin.h
include/krb5/localauth_plugin.h
include/krb5/krb5.h
include/krb5/locate_plugin.h
include/krb5/plugin.h
include/krb5/pwqual_plugin.h
include/kadm5/admin.h
include/kadm5/chpass_util_strings.h
include/krb5/kadm5_auth_plugin.h
include/kadm5/kadm_err.h
include/kdb.h
include/krb5/certauth_plugin.h
include/krb5/preauth_plugin.h
include/profile.h
include/verto-module.h
include/verto.h
lib/libcom_err.so
lib/libcom_err.so.3
lib/libcom_err.so.3.0
lib/libgssapi_krb5.so
lib/libgssapi_krb5.so.2
lib/libgssapi_krb5.so.2.2
lib/libgssrpc.so
lib/libgssrpc.so.4
lib/libgssrpc.so.4.2
lib/libk5crypto.so
lib/libk5crypto.so.3
lib/libk5crypto.so.3.1
lib/libkadm5clnt.so
lib/libkadm5clnt_mit.so
lib/libkadm5clnt_mit.so.11
lib/libkadm5clnt_mit.so.11.0
lib/libkadm5srv.so
lib/libkadm5srv_mit.so
lib/libkadm5srv_mit.so.11
lib/libkadm5srv_mit.so.11.0
lib/libkdb5.so
lib/libkdb5.so.9
lib/libkdb5.so.9.0
lib/libkrb5.so
lib/libkrb5.so.3
lib/libkrb5.so.3.3
lib/libkrb5support.so
lib/libkrb5support.so.0
lib/libkrb5support.so.0.1
lib/krb5/plugins/kdb/db2.so
Disable auto detection of lmdb. It causes grief to those without databases/lmdb installed. Reported by: "Alex V. Petrov" <alexvpetrov@gmail.com>, kib@
2019-01-09 04:04:30 +01:00
%%LMDB%%lib/krb5/plugins/kdb/klmdb.so
Welcome the new KRB5 1.17 (krb5-117). Major changes in 1.17 (2019-01-08) ================================== Administrator experience: * A new Kerberos database module using the Lightning Memory-Mapped Database library (LMDB) has been added. The LMDB KDB module should be more performant and more robust than the DB2 module, and may become the default module for new databases in a future release. * "kdb5_util dump" will no longer dump policy entries when specific principal names are requested. Developer experience: * The new krb5_get_etype_info() API can be used to retrieve enctype, salt, and string-to-key parameters from the KDC for a client principal. * The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise principal names to be used with GSS-API functions. * KDC and kadmind modules which call com_err() will now write to the log file in a format more consistent with other log messages. * Programs which use large numbers of memory credential caches should perform better. Protocol evolution: * The SPAKE pre-authentication mechanism is now supported. This mechanism protects against password dictionary attacks without requiring any additional infrastructure such as certificates. SPAKE is enabled by default on clients, but must be manually enabled on the KDC for this release. * PKINIT freshness tokens are now supported. Freshness tokens can protect against scenarios where an attacker uses temporary access to a smart card to generate authentication requests for the future. * Password change operations now prefer TCP over UDP, to avoid spurious error messages about replays when a response packet is dropped. * The KDC now supports cross-realm S4U2Self requests when used with a third-party KDB module such as Samba's. The client code for cross-realm S4U2Self requests is also now more robust. User experience: * The new ktutil addent -f flag can be used to fetch salt information from the KDC for password-based keys. * The new kdestroy -p option can be used to destroy a credential cache within a collection by client principal name. * The Kerberos man page has been restored, and documents the environment variables that affect programs using the Kerberos library. Changes to the FreeBSD krb5* ports include: * CONFLICTS updated in krb5-115 and krb5-116 taking krb5-117 in consideration. * The default krb5 port is now krb5-117. * MIT's practice is to EOL KRB5 n-2. krb5-115 is deprecated and set to expire Jan 31, 2020.
2019-01-08 21:29:34 +01:00
lib/krb5/plugins/tls/k5tls.so
%%LDAP%%lib/krb5/plugins/kdb/kldap.so
lib/krb5/plugins/preauth/otp.so
lib/krb5/plugins/preauth/pkinit.so
lib/krb5/plugins/preauth/spake.so
lib/krb5/plugins/preauth/test.so
%%LDAP%%lib/libkdb_ldap.so
%%LDAP%%lib/libkdb_ldap.so.1
%%LDAP%%lib/libkdb_ldap.so.1.0
lib/libkrad.so
lib/libkrad.so.0
lib/libkrad.so.0.0
lib/libverto.so
lib/libverto.so.0
lib/libverto.so.0.0
libdata/pkgconfig/gssrpc.pc
libdata/pkgconfig/kadm-client.pc
libdata/pkgconfig/kadm-server.pc
libdata/pkgconfig/kdb.pc
libdata/pkgconfig/krb5-gssapi.pc
libdata/pkgconfig/krb5.pc
libdata/pkgconfig/mit-krb5-gssapi.pc
libdata/pkgconfig/mit-krb5.pc
man/man1/compile_et.1.gz
man/man1/k5srvutil.1.gz
man/man1/kadmin.1.gz
man/man1/kdestroy.1.gz
man/man1/kinit.1.gz
man/man1/klist.1.gz
man/man1/kpasswd.1.gz
man/man1/krb5-config.1.gz
man/man1/ksu.1.gz
man/man1/kswitch.1.gz
man/man1/ktutil.1.gz
man/man1/kvno.1.gz
man/man1/sclient.1.gz
man/man3/com_err.3.gz
man/man5/.k5identity.5.gz
man/man5/.k5login.5.gz
man/man5/k5identity.5.gz
man/man5/k5login.5.gz
man/man5/kadm5.acl.5.gz
man/man5/kdc.conf.5.gz
man/man5/krb5.conf.5.gz
man/man7/kerberos.7.gz
man/man8/kadmin.local.8.gz
man/man8/kadmind.8.gz
man/man8/kdb5_ldap_util.8.gz
man/man8/kdb5_util.8.gz
man/man8/kprop.8.gz
man/man8/kpropd.8.gz
man/man8/kproplog.8.gz
man/man8/krb5kdc.8.gz
man/man8/sserver.8.gz
sbin/gss-server
sbin/kadmin.local
sbin/kadmind
%%LDAP%%sbin/kdb5_ldap_util
Provide a script from which to start krb5kdc through /etc/rc.d/kdc. Simply add kdc_enable="YES" and kdc_program="/usr/local/sbin/kdc" to /etc/rc.d. The script removes the Heimdal kdc --detach argument prior to invoking krb5kdc. The other approach that was considered was to replace getopt() in kdc/main.c with getopt_long() however this approach was considered too intrusive.
2019-02-15 05:37:25 +01:00
sbin/kdc
Welcome the new KRB5 1.17 (krb5-117). Major changes in 1.17 (2019-01-08) ================================== Administrator experience: * A new Kerberos database module using the Lightning Memory-Mapped Database library (LMDB) has been added. The LMDB KDB module should be more performant and more robust than the DB2 module, and may become the default module for new databases in a future release. * "kdb5_util dump" will no longer dump policy entries when specific principal names are requested. Developer experience: * The new krb5_get_etype_info() API can be used to retrieve enctype, salt, and string-to-key parameters from the KDC for a client principal. * The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise principal names to be used with GSS-API functions. * KDC and kadmind modules which call com_err() will now write to the log file in a format more consistent with other log messages. * Programs which use large numbers of memory credential caches should perform better. Protocol evolution: * The SPAKE pre-authentication mechanism is now supported. This mechanism protects against password dictionary attacks without requiring any additional infrastructure such as certificates. SPAKE is enabled by default on clients, but must be manually enabled on the KDC for this release. * PKINIT freshness tokens are now supported. Freshness tokens can protect against scenarios where an attacker uses temporary access to a smart card to generate authentication requests for the future. * Password change operations now prefer TCP over UDP, to avoid spurious error messages about replays when a response packet is dropped. * The KDC now supports cross-realm S4U2Self requests when used with a third-party KDB module such as Samba's. The client code for cross-realm S4U2Self requests is also now more robust. User experience: * The new ktutil addent -f flag can be used to fetch salt information from the KDC for password-based keys. * The new kdestroy -p option can be used to destroy a credential cache within a collection by client principal name. * The Kerberos man page has been restored, and documents the environment variables that affect programs using the Kerberos library. Changes to the FreeBSD krb5* ports include: * CONFLICTS updated in krb5-115 and krb5-116 taking krb5-117 in consideration. * The default krb5 port is now krb5-117. * MIT's practice is to EOL KRB5 n-2. krb5-115 is deprecated and set to expire Jan 31, 2020.
2019-01-08 21:29:34 +01:00
sbin/kdb5_util
sbin/kprop
sbin/kpropd
sbin/kproplog
sbin/krb5-send-pr
sbin/krb5kdc
sbin/sim_server
sbin/sserver
sbin/uuserver
share/et/et_c.awk
share/et/et_h.awk
%%NLS%%share/locale/de/LC_MESSAGES/mit-krb5.mo
%%NLS%%share/locale/en_US/LC_MESSAGES/mit-krb5.mo
%%LDAP%%%%DATADIR%%/kerberos.schema
%%LDAP%%%%DATADIR%%/kerberos.ldif
@dir lib/krb5/plugins/authdata
@dir lib/krb5/plugins/libkrb5
@dir var/run/krb5kdc
@dir var/krb5kdc
Reference in a new issue Copy permalink