Major changes in release 0.6:

* Tested platforms:

DEC/Alpha	OSF3.2
HP700		HPux 9.x
Dec/Pmax	Ultrix 4.4	(rlogind not working)
IBM RS/6000	AIX 3.2		(rlogind not working)
IBM RS/6000	AIX 4.1
SGI		Irix 5.3
Sun		Sunos 4.1.x
Sun		Sunos 5.4
386		BSD/OS 2.0.1
386		NetBSD 1.1
386		Linux 1.2.13

It is rumored to work to some extent on NextStep 3.3.

* ksrvutil get to create new keys and put them in the database at the
same time.

* Support for S/Key in login.

* kstring2key: new program to show string to key conversion.

* Kerberos server should now listen on all available network
interfaces and on both port 88 and 750.

* Timeout in kpopper.

* Support password quality checks in kadmind.  Use --with-crack-lib to
link kadmind with cracklib.  The patches in cracklib.patch are needed.

* Movemail from emacs 19.30.

* Logging format uses four digits for years.

* Fallback if port numbers are not listed in /etc/services.


	* Relesed version 0.5

	* lib/des/read_pwd.c: Redifine TIOCGETP and TIOCSETP so that the
        same code is used both for posix termios and others.

	* rsh, rlogin: Add environment variable RSTAR_NO_WARN which when
	set to "yes" make warnings about "rlogin: warning, using standard
	rlogin: remote host doesn't support Kerberos." go away.

	* admin/kdb_util.c (load_db) lib/kdb/krb_dbm.c (kerb_db_update):
        Optimized so that it can handle large databases, previously a
        10000 entry DB would take *many* minutes, this can now be done in
        under a minute.

	* Changes in server/kerberos.c, kadmin/*.c slave/*.c to support 64
        bit machines. Source should now be free of 64 bit assumptions.

	* admin/copykey.c (copy_from_key): New functions for copying to
        and from keys. Neccessary to solve som problems with longs on 64
        bit machines in kdb_init, kdb_edit, kdb_util and ext_srvtab.

	* lib/kdb/krb_kdb_utils.c (kdb_verify_master_key): More problems
        with longs on 64 bit machines.

	* appl/bsd/login.c (main): Lots of stuff to support Psoriasis
        login. Courtesy of gertz@lysator.liu.se.

	* configure.in, all Makefile.in's: Support for Linux shared
        libraries. Courtesy of svedja@lysator.liu.se.

	* lib/krb/cr_err_reply.c server/kerberos.c: Moved int req_act_vno
	= KRB_PROT_VERSION; from server kode to libkrb where it really
	belongs.

        * appl/bsd/forkpty.c (forkpty): New function that allocates master
        and slave ptys in a portable way. Used by rlogind.

	* appl/telnet/telnetd/sys_term.c (start_login): Under SunOS5 the
	same utmpx slot got used by sevral sessions. Courtesy of
	gertz@lysator.liu.se.

	* util/{ss, et}/Makefile.in (LEX): Use flex or lex. Courtesy of
        svedja@lysator.liu.se.

	* Fix the above Makefiles to work around bugs in Solaris and OSF/1
        make rules that was triggered by VPATH functionality in the yacc
        and lex rules.

	* appl/kpopper/pop_log.c (pop_log) appl/kpopper/pop_msg.c (pop_msg):
	Use stdarg instead of varargs. The code is still broken though,
	you'll realize	that on a machine with 64 bit pointers and 32 bit 
	int:s and no vsprintf, let's hope there will be no such beasts ;-).

	* appl/telnet/telnetd/sys_term.c (getptyslave): Not all systems
	 have (or need) modules ttcompat and pckt so don't flag it as a
	 fatal error if they don't exist.

	* kadmin/admin_server.c (kadm_listen) kadmind/kadm_ser_wrap.c
	(kadm_listen): Add kludge for kadmind running on a multihomed
	server. #ifdef:ed under MULTIHOMED_KADMIN. Change in acconfig.h
	if you need this feature.

	* appl/Makefile.in (SUBDIRS): Add applications movemail kpopper
        and xnlock.

	* appl/bsd/rlogin.c (main): New rlogind.c, forkpty() is not
        implemented yet though.

	* appl/xnlock/Makefile.in: Some stubs for X11 programs in
        configure.in as well as a kerberized version of xnlock.

	* appl/bsd/{rlogin.c, rsh.c, rcp.c}: Add code to support fallback
        port numbers if they can not be found using getservbyname.

	* appl/bsd/klogin.c (klogin): Use differnet ticket files for each
        login so that a malicous user won't be able to destroy our tickets
        with a failed login attempt.

	* lib/kafs/afssys.c (k_afsklog): First we try afs.cell@REALM, if
	there is no such thing try afs@CELL instead. There is now two
	arguments to k_afslog(char *cell, char *realm).

	* kadmin/admin_server.c (kadm_listen): If we are multihomed we
        need to figure out which local address that is used this time
        since it is used in "direction" comparison.

	* kadmin/kadm_ser_wrap.c (kadm_ser_init): Fallback to use default
        port number.

	* lib/krb/send_to_kdc.c (send_to_kdc): Default port number
        (KRB_PORT) was not in network byte order.

	* lib/krb/send_to_kdc.c (send_recv): Linux clears timeout struct
        when selecting.

	* appl/bsd/rcp.c, appl/bsd/rlogin.c, appl/bsd/rsh.c:
	Now does fallback if there isn't any entries in /etc/services for
	klogin/kshell. This also made the code a bit more pretty.

	* appl/bsd/login.c: Added support for lots of more struct utmp fields.
	If there is no ttyslot() use setutent and friends.

	* appl/bsd/Makefile.in, appl/bsd/rlogind.c, appl/bsd/rshd.c:
	Added extern iruserok().

	* appl/bsd/iruserok.c: Initial revision

	* appl/bsd/bsd_locl.h: Must include sys/filio.h on Psoriasis.

	* appl/bsd/Makefile.in: New install

	* appl/bsd/pathnames.h: Fix default path, rsh and rlogin.

	* appl/bsd/rshd.c: Extend default PATH with bindir to find rcp.

	* appl/bsd/login.c (login): If there is no ttyslot use setutent
	and friends. Added support for lots of more struct utmp fields.

	* server/kerberos.c (main) lib/kafs/afssys.c appl/bsd/bsd_locl.h:
        Must include sys/filio.h on Psoriasis to find _IOW and FIO* macros.

	* appl/bsd/rlogind.c (doit): Use _PATH_DEFPATH rather than
        _PATH_DEF.

	* appl/bsd/login.c, su.c (main): Use fallback to bourne shell if
        running as root.

	* appl/bsd/su.c (main): Update usage message to reflect that '-'
	option must come after the ordinary options and before login-id.

	* appl/telnet/telnetd/telnetd.c (doit): If remote host name is to
	long to fit into utmp try to remove domain part if it does match
	our local domain.

	(main): Add new option -L /bin/login so that it is possible to 
	specify an alternate login program.

	* appl/telnet/telnet/commands.c (env_init): When exporting
	variable DISPLAY and if hostname is not the full name, try to get
	the full name from DNS.

	* appl/telnet/telnet/main.c (main): Option -k realm was broken due
        to a bogous external declaration.

	* kadmin/kadmin.c (add_new_key): Kadmin now properly sets
	lifetime, expiration date and attributes in add_new_key command.

	* appl/bsd/su.c (main): Don't handle '-' option with getopt.

	* appl/telnet/telnet/externs.h: Removed protection for multiple
	inclusions of termio(s).h since it broke definition of termio
	macro on POSIX systems.

	* lib/krb/lifetime.c (krb_life_to_time): If you want to disable
	AFS compatible long lifetimes set krb_no_long_lifetimes = 1.
	
	Please note that the long lifetimes are 100% compatible up to
	10h so this should rarely be necessary.

	* lib/krb/krb_equiv.c (krb_equiv): If you don't want to use
	ipaddress protection of tickets set krb_ignore_ip_address. This
	makes it possible for an intruder to steal a ticket and then use
	it from som other machine anywhere on the net.

	* kadmin/kadm_ser_wrap.c (kadm_ser_init): Don't bind to only one
        local address. Accept request on all interfaces.

	* admin/kdb_edit.c (change_principal): Don't accept illegal
        dates. Courtesy of gertz@lysator.liu.se.

	* configure.in: AIX specific libraries needed when using standard
        libc routine getttyent, IBM should be ashamed!

	* lib/krb/recvauth.c (krb_recvauth): Long that should be int32_t
        problem.

	* Added strdup for su and rlogin.

	* Fix for old syslog macros in appl/bsd/bsd_locl.

	* lib/kdb/krb_dbm.c (kerb_db_rename) admin/kdb_destroy.c: New
        ifdef HAVE_NEW_DB for new databases residing in one file only.

	* appl/bsd/rlogin.c (oob): Add workaround for Linux.

	* appl/bsd/getpass.c: New routine that reads up to 127 char
        passwords. Used in su.c and login.c.

	* appl/telnet/telnetd/sys_term.c (login_tty): Ioctl TIOCSCTTY
        should not be used on HP-UX.

==========================*** Released 0.2? ***=============================

ksrvutil
  If there is a dot in the about to be added principals name there is
  no need to ask for instance name.

kerberos & kadmind
  Logfiles are created with small permissions (600).

krb.conf and krb.realms
 Use domain part as realm name if there is no match in krb.realms.
 Use kerberos.REALMNAME if there is no match in krb.realms.

rlogin
  The rlogin client is supported both with and without encryption,
  there is no rlogind yet though.

login
  There is login program that supports the -f option. Both kerberos
  and /etc/passwd authentication is enabled.

  Vendors login programs typically have no -f option (needed by
  telnetd) and also does not know how to verify passwords againts
  kerberos.

appl/bsd/*
  Now uses POSIX signals.

kdb_edit, kadmin
  Generate random passwords if administrator enters empty password.

lib/kafs
  New library to support AFS. Routines:
  int k_hasafs(void);
  int k_afsklog(...); or some other name
  int k_setpag(void);
  int k_unlog(void);
  int k_pioctl(char *, int, struct ViceIoctl *, int);

  Library supports more than one single entry point AFS syscalls
  (needed be HP/UX and OSF/1 when running DFS). Doesn't rely on
  transarc headers or library code. Same binaries can be used both on
  machines running AFS and others.

  This library is used in telnetd, login and the r* programs.

telnet & telnetd
  Based on telnet.95.05.31.NE but with the encryption hacks from
  ftp.funet.fi:/pub/unix/security/esrasrc-1.0 added.  This encryption
  stuff needed some more modifications (done by joda@nada.kth.se)
  before it was usable. Telnet has also been modified to use GNU
  autoconf.

Numerous other changes that are long since forgotten.
