Kerberos implementation packages to decide whether to prefix certain
commands with a "k" to differentiate it from system tools with similar
names. KERBEROS_PREFIX_CMDS defaults to "no".
Version 1.0.4 (04/01/2004)
- Changed handshake behaviour to send the lowest TLS version
when an unsupported version was advertized. The current behaviour
is to send the maximum version we support.
- certtool no longer asks the password in unencrypted private
keys.
- The source is now compiled to use the reentrant libc functions.
in agc's last bulk build.
Changes since 0.11:
- ZServerSSL with client certificate-based authentication rides again.
- Created Makefile for Python 2.3.
- Modified LICENCE: changed my name to the generic "the author" in the
all-caps disclaimer paragraph.
- Allow to save RSA key pair in the clear.
- ZServerSSL for Zope 2.7.
- Excluded RC5. IDEA was taken out several releases ago. This should
allow M2Crypto to build with stock OpenSSL on various Linuxen.
- Added ssl_set_tmp_dh_callback.
- Added ssl_set_tmp_rsa and ssl_set_tmp_rsa_callback to support weak-cipher
browsers.
- ZServerSSL exports SSL_CIPHER request header (a la mod_ssl) to Zope applications.
- Perform distutils's SWIG .i search path tweaking within setup.py. setup.py
should now work "out of the box".
- Allow using a passphrase callback in class SMIME. Thanks to Artur Frysiak
<wiget@pld-linux.org> for the patch.
- Added method get0_signers to class PKCS7, which retrieves signers' certificates
from a PKCS7 blob. Thanks again to Artur Frysiak.
- Added contrib/smimeplus.py, a high-level S/MIME interface, contributed by Bernard
Yue <bernie@3captus.com>. Thanks Bernard.
- Alias 'emailAddress' to 'Email' in X509.X509_Name.nid to support recent OpenSSL
convention.
command line options. We need -I/usr/include/krb5 to build against
heimdal, so symlink the headers in /usr/include/krb5 into ${BUILDLINK_DIR}
so they can be found.
Heimdal is a free implementation of Kerberos 5.
Kerberos is a system for authenticating users and services on a network.
It is built upon the assumption that the network is "unsafe". Kerberos
is a trusted third-party service. That means that there is a third
party (the Kerberos server) that is trusted by all the entities on the
network (users and services, usually called "principals"). All
principals share a secret password (or key) with the Kerberos server and
this enables principals to verify that the messages from the Kerberos
server are authentic. Thus trusting the Kerberos server, users and
services can authenticate each other.
saslauthd is a daemon process that handles plaintext authentication
requests on behalf of the Cyrus SASL library. It may be compiled to
support authentication using getpwent, PAM, or an LDAP database.
splitting out the saslauthd daemon into a separate package,
security/cyrus-saslauthd. This allows the saslauthd daemon to
support additional database backends for plaintext authentication
without adding unrelated dependencies to the cyrus-sasl2 package.
provided in PR 24022 by ISIHARA Takanori. This was taken from the
FreeBSD Packages Collection and ported to NetBSD by ISIHARA Takanori.
Additional fixes to make the package compile on NetBSD by myself,
along with fixes for the build infrastructure (since libevent is part
of NetBSD-current).
"Fragroute intercepts, modifies, and rewrites egress traffic destined
for a specified host, implementing most of the attacks described in the
Secure Networks "Insertion, Evasion, and Denial of Service: Eluding
Network Intrusion Detection" paper of January 1998.
It features a simple ruleset language to delay, duplicate, drop,
fragment, overlap, print, reorder, segment, source-route, or otherwise
monkey with all outbound packets destined for a target host, with
minimal support for randomized or probabilistic behaviour.
This tool was written in good faith to aid in the testing of network
intrusion detection systems, firewalls, and basic TCP/IP stack
behaviour. Please do not abuse this software."
"Package Makefiles should refer to PKG_SYSCONFBASEDIR instead of
PKG_SYSCONFBASE when they want PKG_SYSCONFDIR stripped of
PKG_SYSCONFSUBDIR. This makes PKG_SYSCONFBASE=/etc work with pkgviews by
installing all config files into /etc/packages/<pkg> instead of
occasionally putting some directly into /etc."
