[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Shishi 0.0.4 alpha released

From: Simon Josefsson
Subject: Shishi 0.0.4 alpha released
Date: Sun, 31 Aug 2003 16:30:06 +0200
User-agent: Gnus/5.1003 (Gnus v5.10.3) Emacs/21.3.50 (gnu/linux)

Shishi is a (still incomplete) implementation of the Kerberos 5
network authentication system.  Shishi can be used to authenticate
users in distributed systems.

Shishi contains a library ('libshishi') that can be used by
application developers to add support for Kerberos 5.  Shishi contains
a command line utility ('shishi') that is used by users to acquire and
manage tickets (and more).  The server side, a Key Distribution
Center, is implemented by 'shishid'.  Of course, a manual documenting
usage aspects as well as the programming API is included.

Shishi currently supports AS/TGS exchanges for acquiring tickets, the
AP exchange for performing client and server authentication, and SAFE
for integrity protected application data exchanges.  Shishi is
internationalized; error and status messages can be translated into
the users' language; user name and passwords can be converted into any
available character set (normally including ISO-8859-1 and UTF-8) and
also be processed using an experimental Stringprep profile.  The
des-cbc-md4, des-cbc-md5, des3-cbc-sha1-kd, aes128-cts-hmac-sha1-96,
and aes256-cts-hmac-sha1-96 encryption types, and the rsa-md4-des,
rsa-md5-des, hmac-sha1-des3-kd, hmac-sha1-96-aes128,
hmac-sha1-96-aes256 checksum types are supported.

Shishi is developed for the GNU/Linux system, but runs on over 20
platforms including most major Unix platforms and Windows, and many
kind of devices including iPAQ handhelds and S/390 mainframes.

Shishi is free software licensed under the GNU Public License.

The project web page:

Here are the compressed sources:   (1.8MB)

Here are GPG detached signatures using key 0xB565716F:

Here are the MD5 and SHA1 signatures:

e1aa632025f0f604353ed909ec2e031e  shishi-0.0.4.tar.gz
de5cab8f4344f7cde19e016e9d76f0a176e7d517  shishi-0.0.4.tar.gz

All noteworthy changes not announced here:

* Version 0.0.4 (released 2003-08-31)

** The rsh/rlogin client 'rsh-redone' ported to Shishi, by Nicolas Pouvesle.
The client is located in extra/rsh-redone/.  It supports
authentication and encryption.  It interoperate with other

** Authenticator subkeys are supported, and is used by default in AP/TGS.
Some KDCs does not understand subkeys in TGS requests, and use the
session key instead.  Shishi detect and work around this problem but
prints a warning.

** Simplistic key distribution center (KDC) is working.
See the Administration Manual for a walk through on how to get it up
and running.

** Various API changes.

* Version 0.0.3 (released 2003-08-22)

** Documentation fixes.

** Cleanups.

* Version 0.0.2 (released 2003-08-17)

** Command line handling of the 'shishi' application rewritten.
See the (updated) user manual and --help output for the new story.

** It is possible to acquire renewable tickets.

** Example client and server included.
Application data protection is not supported, but authentication is
demonstrated.  The files are in src/client.c and src/server.c.

** New configuration verbs: 'ticket-life' and 'renew-life'.

** AES ciphers didn't work when nettle was used.

** Cleanups, bug fixes and improved portability.

* Version 0.0.1 (released 2003-08-10)

** InetUtils copy removed.
The patches (also found in extra/inetutils.diff) are forwarded upstream.

** Libidn copy removed.
Libidn is optional, but recommended.  It is used automatically if
present on your system.

** Gettext not included.
Due to some conflicts between libtool and gettext, if you want i18n on
platforms that does not already have a useful gettext implementation,
you can install GNU gettext before building this package.  If you
don't care about i18n, this package should work fine (except for i18n,
of course).

** Low-level crypto uses nettle if libgcrypt is not installed.
Libgcrypt is not shipped with Shishi any more, instead a more
streamlined crypto implementation based on nettle is included.
Specify --with-libgcrypt to use libgcrypt.

** Libtasn1 updated and replaced by "minitasn1" from gnutls.
Specify --with-system-libtasn1 to link with the installed libtasn1, if
you have it.

** KDC addresses are now found via DNS SRV RRs as a last resort.
This is only enabled if libresolv and resolv.h is found on your

** Argp and other compatibility files replaced by gl/ directory.

** Cleanups, bug fixes and various improvements.

* Version 0.0.0 (released 2003-06-02)

** Initial release

reply via email to

[Prev in Thread] Current Thread [Next in Thread]