[2284] Fixed accept_sec_context to use a replay cache in the
GSS_C_NO_CREDENTIAL case.
[2453] The AES string-to-key function no longer returns a pointer to
stack memory when given a password longer than 64 characters.
[2277] In sendto_kdc, a socket leak on connection failure was fixed.
[2384] A memory leak in the TCP handling code in the KDC has been fixed.
the RCD_SCRIPTS rc.d script(s) to the PLIST.
This GENERATE_PLIST idea is part of Greg A. Woods'
PR #22954.
This helps when the RC_SCRIPTS are installed to
a different ${RCD_SCRIPTS_EXAMPLEDIR}. (Later,
the default RCD_SCRIPTS_EXAMPLEDIR will be changed
to be more clear that they are the examples.)
These patches also remove the etc/rc.d/ scripts from PLISTs
(of packages that use RCD_SCRIPTS). (This also removes
now unused references from openssh* makefiles. Note that
qmail package has not been changed yet.)
I have been doing automatic PLIST registration for RC_SCRIPTS
for over a year. Not all of these packages have been tested,
but many have been tested and used.
Somethings maybe to do:
- a few packages still manually install the rc.d scripts to
hard-coded etc/rc.d. These need to be fixed.
- maybe remove from mk/${OPSYS}.pkg.dist mtree specifications too.
* Support for AES in GSSAPI has been implemented. This corresponds to the
in-progress work in the IETF (CFX).
* To avoid compatibility problems, unrecognized TGS options will now be
ignored.
* 128-bit AES has been added to the default enctypes.
* AES cryptosystem now chains IVs. This WILL break backwards compatibility
for the kcmd applications, if they are using AES session keys.
* Assorted minor bug fixes and plugged memory leaks.
on the wip/mit-krb5 package by Jeremy Reed, but heavily modified by me to
libtoolize the build.
Kerberos V5 is an authentication system developed at MIT. It is a network
authentication protocol designed to provide strong authentication for
client/server applications by using secret-key cryptography. (Kerberos
5 is discussed in RFC 1510.)
This package provides Kerberos and GSSAPI (Generic Security Services
Application Programming Interface) development headers and libraries.
It also includes Kerberos ticket and principal tools, and Kerberized
r-services, telnet and ftp services.
