1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
|
User-Visible S/Ident Changes
S/Ident 3.6 (2006-02-08)
Make Kerberos v4 support optional. --disable-krb4 will build a
library and responder that only do GSSAPI and regular ident.
Significantly improved Kerberos library probes. Use krb5-config where
available to get Kerberos libraries and compiler flags unless
--enable-reduced-depends or --enable-static-daemon are used, and
support MIT Kerberos 1.4 with --enable-static-daemon.
Add the --enable-reduced-depends configure option to try to minimize
the shared library dependencies of the resulting binaries on platforms
with proper shared library dependencies. This is of interest
primarily to people building packages for distributions.
Attempt better portability to KTH Kerberos installs that build their
own DES library rather than using OpenSSL.
Support builddir != srcdir for building the Perl module.
S/Ident 3.5 (2005-10-04)
Document the security vulnerability in the protocol.
Move many sidentd debugging messages from -d plus -l to -v so that
verbose really does what it's documented to do. Remove a few
debugging messages that aren't actually useful.
S/Ident 3.4 (2005-04-14)
No code changes. Removed documentation that isn't DFSG-free from the
source to make it easier to package and removed the debian directory
from the main distribution in compliance with Debian best practices.
S/Ident 3.3 (2004-07-23)
Added the --disable-responder configure flag to build only the library
(and also disable the autodetection of a 64-bit compiler, since
sometimes that isn't what a library user wants).
Fix compilation against Kerberos libraries without krb_life_to_time.
Removed some obsolete documentation and updated the INSTALL file.
Incorporated changes needed for Debian builds.
S/Ident 3.2 (2004-06-18)
Added support for a shared library build of libsident, on by default
on those platforms where libtool supports shared libraries.
Updated the kernel modules and kvm layer to the code from pidentd
3.0.18, which adds support for Solaris 10.
Significant amounts of code cleanup, reformatting, and reorganization.
There should not be any functionality changes, but the code should be
much easier to deal with.
Added rules and configuration to build native Debian packages.
S/Ident 3.1 (2003-08-03)
Include the ticket expiration time and the local principal name
(without realm) into the IDENT struct for use by clients of the
high-level API.
Add support for Kerberos libraries that don't export krb_life_to_time
so that S/Ident can be built against the stock MIT Kerberos 1.2.8
distribution.
Rewrote the man pages in POD and significantly expanded them, checking
the documentation for accuracy.
Significantly cleaned up the test S/Ident request server.
S/Ident 3.0 (2003-05-31)
Incorporated the Net::Sident Perl module, although it's not built by
default.
Renamed requestor to requester globally. This changes the low-level
API for some libsident calls due to a different returned struct name,
but that interface is infrequently used.
Ported to Heimdal. S/Ident will now build against either MIT Kerberos
or Heimdal (but requires one or the other; it cannot build with
Kerberos v4 due to the GSSAPI requirement).
Cleaned up portions of the build system and source tree organization.
Upgraded to Autoconf 2.57.
S/Ident 2.0 (2002-10-28)
Added Kerberos v5 GSS-API support.
Added support for Solaris 9 (trivially; it can use Solaris 8 kernel
modules).
Updated and reformatted the documentation to match current standards
(mostly) and to add a separate NEWS file. Cleaned up the portability
of some of the code, dropping old workarounds and fixing header
inclusions so that the requester library works properly with 64-bit
compiles.
Added commands to make install to create the installation
directories.
Fixed a compilation problem on Linux with the Kerberos v5
compatibility libraries (libk5crypt referred to crypt, which needs
-lcrypt on Linux).
Added --enable-static support to configure to build an sidentd that
links against the static versions of the Kerberos libraries. (It
still links dynamically against system libraries.)
S/Ident 1.5 (2001-06-08)
Added support for Solaris 8.
Fixed to work with the Kerberos v4 emulation libraries shipped with
Kerberos v5.
Lots of build system cleanups, simplifying the Makefiles and the
configure script and removing unnecessary probes. Added some
dependency information.
S/Ident 1.4 (2000-09-26)
Various bugs fixed in the responder code for Unix, particularly for
endianness issues. Added support for AIX 4.1 and AIX 4.2.
S/Ident 1.3 (2000-02-27)
The only change in 1.3 is that the kernel reading interface in the
responder has been changed to use the API supported in pidentd 3.0.x.
pidentd 3.0.x has dropped support for some older OSes, but it has
support for Solaris 2.7 and Irix 6.5. Support for HPUX 11 is on my
todo list, but not available in this release. This release has been
tested on
Solaris 2.5.1
Solaris 2.7
Irix 6.5
Unless you are using Solaris 2.7 or Irix 6.5, there really isn't any
reason to upgrade to this release.
S/Ident 1.2 (1997-11-11)
Added protocol changes to the sident code to allow the
user-interaction flags to be set/unset. The Unix responder ignores
these flags. The programming interface to setting the flags is
int
ident_set_authflag(char *flag, char *value);
int
ident_get_authflag(char *flag, char *value);
The functions return either IDENT_AUTH_OKAY, IDENT_INVALID_FLAG_VALUE,
or IDENT_FLAG_NOT_SUPPORTED. Currently the only flag is
USER-INTERACTION with the values YES or NO.
Merged in the new kernel code from the latest release of pidentd.
Conversion to using lsof kernel interface code is still on the TODO
list.
|
