User-Visible S/Ident Changes

S/Ident 3.6 (2006-02-08)

Make Kerberos v4 support optional. --disable-krb4 will build a library and responder that only do GSSAPI and regular ident.

Significantly improved Kerberos library probes. Use krb5-config where available to get Kerberos libraries and compiler flags unless --enable-reduced-depends or --enable-static-daemon is used, and support MIT Kerberos 1.4 with --enable-static-daemon.

Add the --enable-reduced-depends configure option to try to minimize the shared library dependencies of the resulting binaries on platforms with proper shared library dependencies. This is of interest primarily to people building packages for distributions.

Attempt better portability to KTH Kerberos installs that build their own DES library rather than using OpenSSL.

Support builddir != srcdir for building the Perl module.

S/Ident 3.5 (2005-10-04)

Document the security vulnerability in the protocol.

Move many sidentd debugging messages from -d plus -l to -v so that verbose really does what it's documented to do. Remove a few debugging messages that aren't actually useful.

S/Ident 3.4 (2005-04-14)

No code changes. Removed documentation that isn't DFSG-free from the source to make it easier to package and removed the debian directory from the main distribution in compliance with Debian best practices.

S/Ident 3.3 (2004-07-23)

Added the --disable-responder configure flag to build only the library (and also disable the autodetection of a 64-bit compiler, since sometimes that isn't what a library user wants).

Fix compilation against Kerberos libraries without krb_life_to_time.

Removed some obsolete documentation and updated the INSTALL file. Incorporated changes needed for Debian builds.

S/Ident 3.2 (2004-06-18)

Added support for a shared library build of libsident, on by default on those platforms where libtool supports shared libraries.

Updated the kernel modules and kvm layer to the code from pidentd 3.0.18, which adds support for Solaris 10.

Significant amounts of code cleanup, reformatting, and reorganization. There should not be any functionality changes, but the code should be much easier to deal with.

Added rules and configuration to build native Debian packages.

S/Ident 3.1 (2003-08-03)

Include the ticket expiration time and the local principal name (without realm) in the IDENT struct for use by clients of the high-level API.

Add support for Kerberos libraries that don't export krb_life_to_time so that S/Ident can be built against the stock MIT Kerberos 1.2.8 distribution.

Rewrote the man pages in POD and significantly expanded them, checking the documentation for accuracy.

Significantly cleaned up the test S/Ident request server.

S/Ident 3.0 (2003-05-31)

Incorporated the Net::Sident Perl module, although it's not built by default.

Renamed requestor to requester globally. This changes the low-level API for some libsident calls due to a different returned struct name, but that interface is infrequently used.

Ported to Heimdal. S/Ident will now build against either MIT Kerberos or Heimdal (but requires one or the other; it cannot build with Kerberos v4 due to the GSSAPI requirement).

Cleaned up portions of the build system and source tree organization. Upgraded to Autoconf 2.57.

S/Ident 2.0 (2002-10-28)

Added Kerberos v5 GSS-API support.

Added support for Solaris 9 (trivially; it can use Solaris 8 kernel modules).

Updated and reformatted the documentation to match current standards (mostly) and to add a separate NEWS file. Cleaned up the portability of some of the code, dropping old workarounds and fixing header inclusions so that the requester library works properly with 64-bit compiles.

Added commands to make install to create the installation directories.

Fixed a compilation problem on Linux with the Kerberos v5 compatibility libraries (libk5crypt referred to crypt, which needs -lcrypt on Linux).

Added --enable-static support to configure to build an sidentd that links against the static versions of the Kerberos libraries. (It still links dynamically against system libraries.)

S/Ident 1.5 (2001-06-08)

Added support for Solaris 8.

Fixed to work with the Kerberos v4 emulation libraries shipped with Kerberos v5.

Lots of build system cleanups, simplifying the Makefiles and the configure script and removing unnecessary probes. Added some dependency information.

S/Ident 1.4 (2000-09-26)

Fixed various bugs in the responder code for Unix, particularly endianness issues. Added support for AIX 4.1 and AIX 4.2.

S/Ident 1.3 (2000-02-27)

The only change in 1.3 is that the kernel reading interface in the responder has been changed to use the API supported in pidentd 3.0.x. pidentd 3.0.x has dropped support for some older OSes, but it has support for Solaris 2.7 and Irix 6.5. Support for HPUX 11 is on my todo list, but not available in this release. This release has been tested on:

    Solaris 2.5.1
    Solaris 2.7
    Irix 6.5

Unless you are using Solaris 2.7 or Irix 6.5, there really isn't any reason to upgrade to this release.

S/Ident 1.2 (1997-11-11)

Added protocol changes to the sident code to allow the user-interaction flags to be set/unset. The Unix responder ignores these flags. The programming interface for setting the flags is:

    ident_set_authflag(char *flag, char *value);
    ident_get_authflag(char *flag, char *value);

The functions return either IDENT_AUTH_OKAY, IDENT_INVALID_FLAG_VALUE, or IDENT_FLAG_NOT_SUPPORTED. Currently the only flag is USER-INTERACTION with the values YES or NO.

Merged in the new kernel code from the latest release of pidentd. Conversion to using lsof kernel interface code is still on the TODO list.

