https://web.mit.edu/kerberos

License - :ref:`mitK5license`

- Latest stable: https://web.mit.edu/kerberos/krb5-1.20/
- Supported: https://web.mit.edu/kerberos/krb5-1.19/
- Release cycle: approximately 12 months

Supported platforms / OS distributions:

- Windows (KfW 4.0): Windows 7, Vista, XP
- Solaris: SPARC, x86_64/x86
- GNU/Linux: Debian x86_64/x86, Ubuntu x86_64/x86, RedHat x86_64/x86
- BSD: NetBSD x86_64/x86

- builtin - MIT Kerberos native crypto library
- OpenSSL (1.0+) - https://www.openssl.org

Database backends: LDAP, DB2, LMDB

krb4 support: Kerberos 5 release < 1.8

DES support: Kerberos 5 release < 1.18 (See :ref:`retiring-des`)
Starting from release 1.7:

* Follow client principal referrals in the client library when
  obtaining initial tickets.

* KDC can issue realm referrals for service principals based on domain names.

* Extensions supporting DCE RPC, including three-leg GSS context setup
  and unencapsulated GSS tokens inside SPNEGO.

* Microsoft GSS_WrapEX, implemented using the gss_iov API, which is
  similar to the equivalent SSPI functionality. This is needed to
  support some instances of DCE RPC.

* NTLM recognition support in GSS-API, to facilitate dropping in an
  NTLM implementation for improved compatibility with older releases

* KDC support for principal aliases, if the back end supports them.
  Currently, only the LDAP back end supports aliases.

* Support Microsoft set/change password (:rfc:`3244`) protocol in

* Implement client and KDC support for GSS_C_DELEG_POLICY_FLAG, which
  allows a GSS application to request credential delegation only if
  permitted by KDC policy.

Starting from release 1.8:

* Microsoft Services for User (S4U) compatibility

* Support for KCM credential cache starting from release 1.13

For more information on the specific project see https://k5wiki.kerberos.org/wiki/Projects
- Credentials delegation :rfc:`5896`
- Cross-realm authentication and referrals :rfc:`6806`
- Master key migration
- PKINIT :rfc:`4556` :ref:`pkinit`
- Anonymous PKINIT :rfc:`6112` :ref:`anonymous_pkinit`
- Constrained delegation
- IAKERB https://tools.ietf.org/html/draft-ietf-krb-wg-iakerb-02
- Heimdal bridge plugin for KDC backend
- GSS-API S4U extensions https://msdn.microsoft.com/en-us/library/cc246071
- GSS-API naming extensions :rfc:`6680`
- GSS-API extensions for storing delegated credentials :rfc:`5588`
- Advance warning on password expiry
- Camellia encryption (CTS-CMAC mode) :rfc:`6803`
- KDC support for SecurID preauthentication
- Trace logging :ref:`trace_logging`
- GSSAPI/KRB5 multi-realm support
- Plugin to test password quality :ref:`pwqual_plugin`
- Plugin to synchronize password changes :ref:`kadm5_hook_plugin`
- GSS-API extensions for SASL GS2 bridge :rfc:`5801` :rfc:`5587`
- Naming extensions for delegation chain
- Password expiration API
- Windows client support (build-only)
- IPv6 support in iprop
- Plugin interface for configuration :ref:`profile_plugin`
- Credentials for multiple identities :ref:`ccselect_plugin`
- Client support for FAST OTP :rfc:`6560`
- GSS-API extensions for credential locations
- Responder mechanism
- Plugin to control krb5_aname_to_localname and krb5_kuserok behavior :ref:`localauth_plugin`
- Plugin to control hostname-to-realm mappings and the default realm :ref:`hostrealm_plugin`
- GSSAPI extensions for constructing MIC tokens using IOV lists :ref:`gssapi_mic_token`
- Principal may refer to nonexistent policies `Policy Refcount project <https://k5wiki.kerberos.org/wiki/Projects/Policy_refcount_elimination>`_
- Support for having no long-term keys for a principal `Principals Without Keys project <https://k5wiki.kerberos.org/wiki/Projects/Principals_without_keys>`_
- Collection support to the KEYRING credential cache type on Linux :ref:`ccache_definition`
- FAST OTP preauthentication module for the KDC which uses RADIUS to validate OTP token values :ref:`otp_preauth`
- Experimental Audit plugin for KDC processing `Audit project <https://k5wiki.kerberos.org/wiki/Projects/Audit>`_
- Add support for accessing KDCs via an HTTPS proxy server using
  <https://msdn.microsoft.com/en-us/library/hh553774.aspx>`_
- Add support for `hierarchical incremental propagation
  <https://k5wiki.kerberos.org/wiki/Projects/Hierarchical_iprop>`_,
  where replicas can act as intermediates between an upstream primary
  and other downstream replicas.
- Add support for configuring GSS mechanisms using
  ``/etc/gss/mech.d/*.conf`` files in addition to
- Add support to the LDAP KDB module for `binding to the LDAP
  <https://k5wiki.kerberos.org/wiki/Projects/LDAP_SASL_support>`_.
- The KDC listens for TCP connections by default.
- Fix a minor key disclosure vulnerability where using the
  "keepold" option to the kadmin randkey operation could return the
  old keys. `[CVE-2014-5351]
  <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5351>`_
- Add client support for the Kerberos Cache Manager protocol. If
  the host is running a Heimdal kcm daemon, caches served by the
  daemon can be accessed with the KCM: cache type.
- When built on macOS 10.7 and higher, use "KCM:" as the default
  cachetype, unless overridden by command-line options or
- Add support for doing unlocked database dumps for the DB2 KDC
  back end, which would allow the KDC and kadmind to continue
  accessing the database during lengthy database dumps.
* Administrator experience:

  - Add a new kdb5_util tabdump command to provide reporting-friendly
    tabular dump formats (tab-separated or CSV) for the KDC database.
    Unlike the normal dump format, each output table has a fixed number
    of fields. Some tables include human-readable forms of data that
    are opaque in ordinary dump files. This format is also suitable for
    importing into relational databases for complex queries.
  - Add support to kadmin and kadmin.local for specifying a single
    command line following any global options, where the command
    arguments are split by the shell--for example, "kadmin getprinc
    principalname". Commands issued this way do not prompt for
    confirmation or display warning messages, and exit with non-zero
    status if the operation fails.
  - Accept the same principal flag names in kadmin as we do for the
    default_principal_flags kdc.conf variable, and vice versa. Also
    accept flag specifiers in the form that kadmin prints, as well as
  - Remove the triple-DES and RC4 encryption types from the default
    value of supported_enctypes, which determines the default key and
    salt types for new password-derived keys. By default, keys will
    only be created for AES128 and AES256. This mitigates some types
    of password guessing attacks.
  - Add support for directory names in the KRB5_CONFIG and
    KRB5_KDC_PROFILE environment variables.
  - Add support for authentication indicators, which are ticket
    annotations to indicate the strength of the initial authentication.
    Add support for the "require_auth" string attribute, which can be
    set on server principal entries to require an indicator when
    authenticating to the server.
  - Add support for key version numbers larger than 255 in keytab files,
    and for version numbers up to 65535 in KDC databases.
  - Transmit only one ETYPE-INFO and/or ETYPE-INFO2 entry from the KDC
    during pre-authentication, corresponding to the client's most
    preferred encryption type.
  - Add support for server name identification (SNI) when proxying KDC
  - Add support for the err_fmt profile parameter, which can be used to
    generate custom-formatted error messages.
* Developer experience:

  - Change gss_acquire_cred_with_password() to acquire credentials into
    a private memory credential cache. Applications can use
    gss_store_cred() to make the resulting credentials visible to other
  - Change gss_acquire_cred() and SPNEGO not to acquire credentials for
    IAKERB or for non-standard variants of the krb5 mechanism OID unless
    explicitly requested. (SPNEGO will still accept the Microsoft
    variant of the krb5 mechanism OID during negotiation.)
  - Change gss_accept_sec_context() not to accept tokens for IAKERB or
    for non-standard variants of the krb5 mechanism OID unless an
    acceptor credential is acquired for those mechanisms.
  - Change gss_acquire_cred() to immediately resolve credentials if the
    time_rec parameter is not NULL, so that a correct expiration time
    can be returned. Normally credential resolution is delayed until
    the target name is known.
  - Add krb5_prepend_error_message() and krb5_wrap_error_message() APIs,
    which can be used by plugin modules or applications to add prefixes
    to existing detailed error messages.
  - Add krb5_c_prfplus() and krb5_c_derive_prfplus() APIs, which
    implement the RFC 6113 PRF+ operation and key derivation using PRF+.
  - Add support for pre-authentication mechanisms which use multiple
    round trips, using the KDC_ERR_MORE_PREAUTH_DATA_REQUIRED error
    code. Add get_cookie() and set_cookie() callbacks to the kdcpreauth
    interface; these callbacks can be used to save marshalled state
    information in an encrypted cookie for the next request.
  - Add a client_key() callback to the kdcpreauth interface to retrieve
    the chosen client key, corresponding to the ETYPE-INFO2 entry sent
  - Add an add_auth_indicator() callback to the kdcpreauth interface,
    allowing pre-authentication modules to assert authentication
  - Add support for the GSS_KRB5_CRED_NO_CI_FLAGS_X cred option to
    suppress sending the confidentiality and integrity flags in GSS
    initiator tokens unless they are requested by the caller. These
    flags control the negotiated SASL security layer for the Microsoft
    GSS-SPNEGO SASL mechanism.
  - Make the FILE credential cache implementation less prone to
    corruption issues in multi-threaded programs, especially on
    platforms with support for open file description locks.
- On replica KDCs, poll the primary KDC immediately after
  processing a full resync, and do not require two full resyncs
  after the primary KDC's log file is reset.
* Administrator experience:

  - Add support to kadmin for remote extraction of current keys
    without changing them (requires a special kadmin permission that
    is excluded from the wildcard permission), with the exception of
    highly protected keys.
  - Add a lockdown_keys principal attribute to prevent retrieval of
    the principal's keys (old or new) via the kadmin protocol. In
    newly created databases, this attribute is set on the krbtgt and
  - Restore recursive dump capability for DB2 back end, so sites can
    more easily recover from database corruption resulting from power
  - Add DNS auto-discovery of KDC and kpasswd servers from URI
    records, in addition to SRV records. URI records can convey TCP
    and UDP servers and primary KDC status in a single DNS lookup, and
    can also point to HTTPS proxy servers.
  - Add support for password history to the LDAP back end.
  - Add support for principal renaming to the LDAP back end.
  - Use the getrandom system call on supported Linux kernels to avoid
    blocking problems when getting entropy from the operating system.

- Clean up numerous compilation warnings.
- Remove various infrequently built modules, including some preauth
  modules that were not built by default.
* Developer experience:

  - Add support for building with OpenSSL 1.1.
  - Use SHA-256 instead of MD5 for (non-cryptographic) hashing of
    authenticators in the replay cache. This helps sites that must
    build with FIPS 140 conformant libraries that lack MD5.

* Protocol evolution:

  - Add support for the AES-SHA2 enctypes, which allows sites to
    conform to Suite B crypto requirements.
* Administrator experience:

  - The KDC can match PKINIT client certificates against the
    "pkinit_cert_match" string attribute on the client principal
    entry, using the same syntax as the existing "pkinit_cert_match"
  - The ktutil addent command supports the "-k 0" option to ignore the
    key version, and the "-s" option to use a non-default salt string.
  - kpropd supports a --pid-file option to write a pid file at
    startup, when it is run in standalone mode.
  - The "encrypted_challenge_indicator" realm option can be used to
    attach an authentication indicator to tickets obtained using FAST
    encrypted challenge pre-authentication.
  - Localization support can be disabled at build time with the
    --disable-nls configure option.
* Developer experience:

  - The kdcpolicy pluggable interface allows modules to control whether
    tickets are issued by the KDC.
  - The kadm5_auth pluggable interface allows modules to control
    whether kadmind grants access to a kadmin request.
  - The certauth pluggable interface allows modules to control which
    PKINIT client certificates can authenticate to which client
  - KDB modules can use the client and KDC interface IP addresses to
    determine whether to allow an AS request.
  - GSS applications can query the bit strength of a krb5 GSS context
    using the GSS_C_SEC_CONTEXT_SASL_SSF OID with
    gss_inquire_sec_context_by_oid().
  - GSS applications can query the impersonator name of a krb5 GSS
    credential using the GSS_KRB5_GET_CRED_IMPERSONATOR OID with
    gss_inquire_cred_by_oid().
  - kdcpreauth modules can query the KDC for the canonicalized
    requested client principal name, or match a principal name against
    the requested client principal name with canonicalization.
* Protocol evolution:

  - The client library will continue to try pre-authentication
    mechanisms after most failure conditions.
  - The KDC will issue trivially renewable tickets (where the
    renewable lifetime is equal to or less than the ticket lifetime)
    if requested by the client, to be friendlier to scripts.
  - The client library will use a random nonce for TGS requests
    instead of the current system time.
  - For the RC4 string-to-key or PAC operations, UTF-16 is supported
    (previously only UCS-2 was supported).
  - When matching PKINIT client certificates, UPN SANs will be matched
    correctly as UPNs, with canonicalization.

- Dates after the year 2038 are accepted (provided that the platform
  time facilities support them), through the year 2106.
- Automatic credential cache selection based on the client realm
  will take into account the fallback realm and the service
- Referral and alternate cross-realm TGTs will not be cached,
  avoiding some scenarios where they can be added to the credential
  cache multiple times.
- A German translation has been added.

- The build is warning-clean under clang with the configured warning
- The automated test suite runs cleanly under AddressSanitizer.
* Administrator experience:

  - A new Kerberos database module using the Lightning Memory-Mapped
    Database library (LMDB) has been added. The LMDB KDB module
    should be more performant and more robust than the DB2 module, and
    may become the default module for new databases in a future
  - "kdb5_util dump" will no longer dump policy entries when specific
    principal names are requested.

* Developer experience:

  - The new krb5_get_etype_info() API can be used to retrieve enctype,
    salt, and string-to-key parameters from the KDC for a client
  - The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise
    principal names to be used with GSS-API functions.
  - KDC and kadmind modules which call com_err() will now write to the
    log file in a format more consistent with other log messages.
  - Programs which use large numbers of memory credential caches
    should perform better.

* Protocol evolution:

  - The SPAKE pre-authentication mechanism is now supported. This
    mechanism protects against password dictionary attacks without
    requiring any additional infrastructure such as certificates.
    SPAKE is enabled by default on clients, but must be manually
    enabled on the KDC for this release.
  - PKINIT freshness tokens are now supported. Freshness tokens can
    protect against scenarios where an attacker uses temporary access
    to a smart card to generate authentication requests for the
  - Password change operations now prefer TCP over UDP, to avoid
    spurious error messages about replays when a response packet is
  - The KDC now supports cross-realm S4U2Self requests when used with
    a third-party KDB module such as Samba's. The client code for
    cross-realm S4U2Self requests is also now more robust.

- The new ktutil addent -f flag can be used to fetch salt
  information from the KDC for password-based keys.
- The new kdestroy -p option can be used to destroy a credential
  cache within a collection by client principal name.
- The Kerberos man page has been restored, and documents the
  environment variables that affect programs using the Kerberos

- Python test scripts now use Python 3.
- Python test scripts now display markers in verbose output, making
  it easier to find where a failure occurred within the scripts.
- The Windows build system has been simplified and updated to work
  with more recent versions of Visual Studio. A large volume of
  unused Windows-specific code has been removed. Visual Studio 2013
  or later is now required.
* Administrator experience:

  - Remove support for single-DES encryption types.
  - Change the replay cache format to be more efficient and robust.
    Replay cache filenames using the new format end with ``.rcache2``
  - setuid programs will automatically ignore environment variables
    that normally affect krb5 API functions, even if the caller does
    not use krb5_init_secure_context().
  - Add an ``enforce_ok_as_delegate`` krb5.conf relation to disable
    credential forwarding during GSSAPI authentication unless the KDC
    sets the ok-as-delegate bit in the service ticket.

* Developer experience:

  - Implement krb5_cc_remove_cred() for all credential cache types.
  - Add the krb5_pac_get_client_info() API to get the client account

* Protocol evolution:

  - Add KDC support for S4U2Self requests where the user is identified
    by X.509 certificate. (Requires support for certificate lookup
    from a third-party KDB module.)
  - Remove support for an old ("draft 9") variant of PKINIT.
  - Add support for Microsoft NegoEx. (Requires one or more
    third-party GSS modules implementing NegoEx mechanisms.)

- Add support for ``dns_canonicalize_hostname=fallback``, causing
  host-based principal names to be tried first without DNS
  canonicalization, and again with DNS canonicalization if the
  un-canonicalized server is not found.
- Expand single-component hostnames in host-based principal names
  when DNS canonicalization is not used, adding the system's first
  DNS search path as a suffix. Add a ``qualify_shortname``
  krb5.conf relation to override this suffix or disable expansion.

- The libkrb5 serialization code (used to export and import krb5 GSS
  security contexts) has been simplified and made type-safe.
- The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED
  messages has been revised to conform to current coding practices.
- The test suite has been modified to work with macOS System
  Integrity Protection enabled.
- The test suite incorporates soft-pkcs11 so that PKINIT PKCS11
  support can always be tested.
* Administrator experience:

  - When a client keytab is present, the GSSAPI krb5 mech will refresh
    credentials even if the current credentials were acquired
  - It is now harder to accidentally delete the K/M entry from a KDB.

* Developer experience:

  - gss_acquire_cred_from() now supports the "password" and "verify"
    options, allowing credentials to be acquired via password and
    verified using a keytab key.
  - When an application accepts a GSS security context, the new
    GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor
    both provided matching channel bindings.
  - Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self
    requests to identify the desired client principal by certificate.
  - PKINIT certauth modules can now cause the hw-authent flag to be
    set in issued tickets.
  - The krb5_init_creds_step() API will now issue the same password
    expiration warnings as krb5_get_init_creds_password().

* Protocol evolution:

  - Added client and KDC support for Microsoft's Resource-Based
    Constrained Delegation, which allows cross-realm S4U2Proxy
    requests. A third-party database module is required for KDC
  - kadmin/admin is now the preferred server principal name for kadmin
    connections, and the host-based form is no longer created by
    default. The client will still try the host-based form as a
  - Added client and server support for Microsoft's
    KERB_AP_OPTIONS_CBT extension, which causes channel bindings to be
    required for the initiator if the acceptor provided them. The
    client will send this option if the client_aware_gss_bindings
    profile option is set.

- The default setting of dns_canonicalize_realm is now "fallback".
  Hostnames provided from applications will be tried in principal
  names as given (possibly with shortname qualification), falling
  back to the canonicalized name.
- kinit will now issue a warning if the des3-cbc-sha1 encryption
  type is used in the reply. This encryption type will be
  deprecated and removed in future releases.
- Added kvno flags --out-cache, --no-store, and --cached-only
  (inspired by Heimdal's kgetcred).
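The following krb5.conf fragment is an added example, not part of the krb5 documentation; it combines the client-side hardening relations introduced in the 1.18 and 1.19 items above (``enforce_ok_as_delegate``, ``dns_canonicalize_hostname``, ``qualify_shortname``, ``client_aware_gss_bindings``). EXAMPLE.COM and example.com are placeholders.

```ini
# Added example (not from the krb5 documentation): client-side krb5.conf
# relations from the 1.18 and 1.19 feature lists. Realm and domain are
# placeholders.
[libdefaults]
    default_realm = EXAMPLE.COM

    # 1.18: try host-based service principal names as given first, and
    # only fall back to DNS canonicalization when the uncanonicalized
    # name is not found, so a spoofed DNS answer is consulted last.
    dns_canonicalize_hostname = fallback

    # 1.18: when DNS canonicalization is not used, single-component
    # hostnames are qualified with this suffix instead of the system's
    # first DNS search path (placeholder domain).
    qualify_shortname = example.com

    # 1.18: forward credentials during GSSAPI authentication only when
    # the KDC set the ok-as-delegate bit in the service ticket. Without
    # this relation, an application that requests delegation forwards
    # its TGT to whatever service it authenticates to.
    enforce_ok_as_delegate = true

    # 1.19: send Microsoft's KERB_AP_OPTIONS_CBT so that an acceptor
    # which supplied channel bindings requires the initiator's bindings
    # to match (the acceptor sees GSS_C_CHANNEL_BOUND_FLAG on success).
    client_aware_gss_bindings = true
```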
* Administrator experience:

  - Added a "disable_pac" realm relation to suppress adding PAC
    authdata to tickets, for realms which do not need to support S4U
  - Most credential cache types will use atomic replacement when a
    cache is reinitialized using kinit or refreshed from the client
  - kprop can now propagate databases with a dump size larger than
    4GB, if both the client and server are upgraded.
  - kprop can now work over NATs that change the destination IP
    address, if the client is upgraded.

* Developer experience:

  - Updated the KDB interface. The sign_authdata() method is replaced
    with the issue_pac() method, allowing KDB modules to add logon
    info and other buffers to the PAC issued by the KDC.
  - Host-based initiator names are better supported in the GSS krb5

* Protocol evolution:

  - Replaced AD-SIGNEDPATH authdata with minimal PACs.
  - To avoid spurious replay errors, password change requests will not
    be attempted over UDP until the attempt over TCP fails.
  - PKINIT will sign its CMS messages with SHA-256 instead of SHA-1.

- Updated all code using OpenSSL to be compatible with OpenSSL 3.
- Reorganized the libk5crypto build system to allow the OpenSSL
  back-end to pull in material from the builtin back-end depending
  on the OpenSSL version.
- Simplified the PRNG logic to always use the platform PRNG.
- Converted the remaining Tcl tests to Python.
`Pre-authentication mechanisms`

- PW-SALT :rfc:`4120#section-5.2.7.3`
- ENC-TIMESTAMP :rfc:`4120#section-5.2.7.2`
- FAST negotiation framework (release 1.8) :rfc:`6113`
- PKINIT with FAST on client (release 1.10) :rfc:`6113`
- FX-COOKIE :rfc:`6113#section-5.2`
- S4U-X509-USER (release 1.8) https://msdn.microsoft.com/en-us/library/cc246091
- OTP (release 1.12) :ref:`otp_preauth`
- SPAKE (release 1.17) :ref:`spake`