Kerberos Version 5, Release 1.22
Release Notes
The MIT Kerberos Team
Copyright and Other Notices
---------------------------
Copyright (C) 1985-2025 by the Massachusetts Institute of Technology
and its contributors. All rights reserved.
Please see the file named NOTICE for additional notices.
Documentation
-------------
Unified documentation for Kerberos V5 is available in both HTML and
PDF formats. The table of contents of the HTML format documentation
is at doc/html/index.html, and the PDF format documentation is in the
doc/pdf directory.
Additionally, you may find copies of the HTML format documentation
online at
https://web.mit.edu/kerberos/krb5-latest/doc/
for the most recent supported release, or at
https://web.mit.edu/kerberos/krb5-devel/doc/
for the release under development.
More information about Kerberos may be found at
https://web.mit.edu/kerberos/
and at the MIT Kerberos Consortium web site
https://kerberos.org/
Building and Installing Kerberos 5
----------------------------------
Build documentation is in doc/html/build/index.html or
doc/pdf/build.pdf.
The installation guide is in doc/html/admin/install.html or
doc/pdf/install.pdf.
If you are attempting to build under Windows, please see the
src/windows/README file.
Reporting Bugs
--------------
Please report any problems/bugs/comments by sending email to
[email protected].
You may view bug reports by visiting
https://krbdev.mit.edu/rt/
and using the "Guest Login" button. Please note that the web
interface to our bug database is read-only for guests, and the primary
way to interact with our bug database is via email.
PAC transitions
---------------
Beginning with release 1.20, the KDC will include minimal PACs in
tickets instead of AD-SIGNEDPATH authdata. S4U requests (protocol
transition and constrained delegation) must now contain valid PACs in
the incoming tickets. Beginning with release 1.21, service ticket
PACs will contain a new KDC checksum buffer, to mitigate a hash
collision attack against the old KDC checksum. If only some KDCs in a
realm have been upgraded across versions 1.20 or 1.21, the upgraded
KDCs will reject S4U requests containing tickets from non-upgraded
KDCs and vice versa.
Triple-DES and RC4 transitions
------------------------------
Beginning with the krb5-1.21 release, the KDC will not issue tickets
with triple-DES or RC4 session keys unless explicitly configured using
the new allow_des3 and allow_rc4 variables in [libdefaults]. To
facilitate the negotiation of session keys, the KDC will assume that
all services can handle aes256-sha1 session keys unless the service
principal has a session_enctypes string attribute.
Beginning with the krb5-1.19 release, a warning will be issued if
initial credentials are acquired using the des3-cbc-sha1 encryption
type. Beginning with the krb5-1.21 release, a warning will also be
issued for the arcfour-hmac encryption type. In future releases,
these encryption types will be disabled by default and eventually
removed.
Beginning with the krb5-1.18 release, all support for single-DES
encryption types has been removed.
Major changes in 1.22.1 (2025-08-20)
------------------------------------
This is a bug fix release.
* Fix a vulnerability in GSS MIC verification [CVE-2025-57736].
krb5-1.22.1 changes by ticket ID
--------------------------------
9181 verify_mic_v3 broken in 1.22
Major changes in 1.22 (2025-08-05)
----------------------------------
User experience:
* The libdefaults configuration variable "request_timeout" can be set
to limit the total timeout for KDC requests. When making a KDC
request, the client will now wait indefinitely (or until the request
timeout has elapsed) on a KDC which accepts a TCP connection,
without contacting any additional KDCs. Clients will make fewer DNS
queries in some configurations.
* The realm configuration variable "sitename" can be set to cause the
client to query site-specific DNS records when making KDC requests.
Administrator experience:
* Principal aliases are supported in the DB2 and LMDB KDB modules and
in the kadmin protocol. (The LDAP KDB module has supported aliases
since release 1.7.)
* UNIX domain sockets are supported for the Kerberos and kpasswd
protocols.
* systemd socket activation is supported for krb5kdc and kadmind.
Developer experience:
* KDB modules can be be implemented in terms of other modules using
the new krb5_db_load_module() function.
* The profile library supports the modification of empty profiles and
the copying of modified profiles, making it possible to construct an
in-memory profile and pass it to krb5_init_context_profile().
* GSS-API applications can pass the GSS_C_CHANNEL_BOUND flag to
gss_init_sec_context() to request strict enforcement of channel
bindings by the acceptor.
Protocol evolution:
* The PKINIT preauth module supports elliptic curve client
certificates, ECDH key exchange, and the Microsoft paChecksum2
field.
* The IAKERB implementation has been changed to comply with the most
recent draft standard and to support realm discovery.
* Message-Authenticator is supported in the RADIUS implementation used
by the OTP kdcpreauth module.
Code quality:
* Removed old-style function declarations, to accomodate compilers
which have removed support for them.
* Added OSS-Fuzz to the project's continuous integration
infrastructure.
* Rewrote the GSS per-message token parsing code for improved safety.
krb5-1.22 changes by ticket ID
------------------------------
7721 Primary KDC lookups happen sooner than necessary
7899 Client waits before moving on after KDC_ERR_SVC_UNAVAILABLE
8618 ksu doesn't exit nonzero
9094 Get arm64-windows builds working
9095 PKINIT ECDH support
9096 Enable PKINIT if at least one group is available
9100 Add ecdsa-with-sha512/256 to supportedCMSTypes
9105 Wait indefinitely on KDC TCP connections
9106 Add request_timeout configuration parameter
9108 Remove PKINIT RSA support
9110 profile library null dereference when modifying empty profile
9111 Correct PKINIT EC cert signature metadata
9112 Support PKCS11 EC client certs in PKINIT
9113 Improve PKCS11 error reporting in PKINIT
9114 Build fails with link-time optimization
9116 Improve error message for DES kadmin/history key
9118 profile write operation interactions with reloading
9119 Make profile_copy() work on dirty profiles
9120 profile final flag limitations
9121 Don't flush libkrb5 context profiles
9122 Add GSS flag to include KERB_AP_OPTIONS_CBT
9123 Correct IAKERB protocol implementation
9124 Support site-local KDC discovery via DNS
9126 Handle empty initial buffer in IAKERB initiator
9130 make krb5_get_default_config_files public
9131 Adjust removed cred detection in FILE ccache
9132 Change krb5_get_credentials() endtime behavior
9133 Add acceptor-side IAKERB realm discovery
9135 Replace Windows installer FilesInUse dialog text
9139 Block library unloading to avoid finalizer races
9141 Fix krb5_crypto_us_timeofday() microseconds check
9142 Generate and verify message MACs in libkrad
9143 Fix memory leak in PAC checksum verification
9144 Fix potential PAC processing crash
9145 Prevent late initialization of GSS error map
9146 Allow null keyblocks in IOV checksum functions
9147 Add numeric constants to krad.h and use them
9148 Fix krb5_ldap_list_policy() filtering loop
9149 Use getentropy() when available
9151 Add kadmind support for disabling listening
9152 Default kdc_tcp_listen to kdc_listen value
9153 Fix LDAP module leak on authentication error
9154 Components of the X509_user_identity string cannot contain ':'
9155 UNIX domain socket support
9156 Allow KDB module stacking
9157 Add support for systemd socket activation
9158 Set missing mask flags for kdb5_util operations
9159 Prevent overflow when calculating ulog block size
9160 Allow only one salt type per enctype in key data
9161 Improve ulog block resize efficiency
9162 Build PKINIT on Windows
9163 Add alias support
9164 Add database format documentation
9165 Display NetBIOS ticket addresses in klist
9166 Add PKINIT paChecksum2 from MS-PKCA v20230920
9167 Add initiator-side IAKERB realm discovery
9168 Fix IAKERB accept_sec_context null pointer crash
9169 Fix IAKERB error handling
9170 Avoid gss_inquire_attrs_for_mech() null outputs
9171 Fix getsockname() call in Windows localaddr
9172 Check lengths in xdr_krb5_key_data()
9173 Limit -keepold for self-service key changes
9179 Avoid large numbers of refresh_time cache entries
Acknowledgements
----------------
Past Sponsors of the MIT Kerberos Consortium:
Apple
Carnegie Mellon University
Centrify Corporation
Columbia University
Cornell University
The Department of Defense of the United States of America (DoD)
Fidelity Investments
Google
Iowa State University
MIT
Michigan State University
Microsoft
MITRE Corporation
Morgan-Stanley
The National Aeronautics and Space Administration
of the United States of America (NASA)
Network Appliance (NetApp)
Nippon Telephone and Telegraph (NTT)
US Government Office of the National Coordinator for Health
Information Technology (ONC)
Oracle
Pennsylvania State University
Red Hat
Stanford University
TeamF1, Inc.
The University of Alaska
The University of Michigan
The University of Pennsylvania
Past and present members of the Kerberos Team at MIT:
Danilo Almeida
Jeffrey Altman
Justin Anderson
Richard Basch
Mitch Berger
Jay Berkenbilt
Andrew Boardman
Bill Bryant
Steve Buckley
Joe Calzaretta
John Carr
Mark Colan
Don Davis
Sarah Day
Alexandra Ellwood
Carlos Garay
Dan Geer
Nancy Gilman
Matt Hancher
Thomas Hardjono
Sam Hartman
Paul Hill
Marc Horowitz
Eva Jacobus
Miroslav Jurisic
Barry Jaspan
Benjamin Kaduk
Geoffrey King
Kevin Koch
John Kohl
HaoQi Li
Jonathan Lin
Peter Litwack
Scott McGuire
Steve Miller
Kevin Mitchell
Cliff Neuman
Paul Park
Ezra Peisach
Chris Provenzano
Ken Raeburn
Jon Rochlis
Jeff Schiller
Jen Selby
Robert Silk
Bill Sommerfeld
Jennifer Steiner
Ralph Swick
Brad Thompson
Harry Tsai
Zhanna Tsitkova
Ted Ts'o
Marshall Vale
Taylor Yu
The following external contributors have provided code, patches, bug
reports, suggestions, and valuable resources:
Ian Abbott
Daniel Albers
Brandon Allbery
Russell Allbery
Brian Almeida
Michael B Allen
Pooja Anil
Jeffrey Arbuckle
Heinz-Ado Arnolds
Derek Atkins
Mark Bannister
David Bantz
Alex Baule
Nikhil Benesch
David Benjamin
Thomas Bernard
Adam Bernstein
Arlene Berry
Jeff Blaine
Toby Blake
Radoslav Bodo
Alexander Bokovoy
Zoltan Borbely
Sumit Bose
Emmanuel Bouillon
Isaac Boukris
Ulf Bremer
Pavel Březina
Philip Brown
Samuel Cabrero
Michael Calmer
Andrea Campi
Julien Chaffraix
Jacob Champion
Puran Chand
Ravi Channavajhala
Srinivas Cheruku
Leonardo Chiquitto
Rachit Chokshi
Seemant Choudhary
Howard Chu
Andrea Cirulli
Christopher D. Clausen
Kevin Coffman
Gerald Combs
Simon Cooper
Sylvain Cortes
Ian Crowther
Arran Cudbard-Bell
Adam Dabrowski
Jeff D'Angelo
Nalin Dahyabhai
Mark Davies
Dennis Davis
Rull Deef
Alex Dehnert
Misty De Meo
Mark Deneen
Günther Deschner
John Devitofranceschi
Marc Dionne
Roland Dowdeswell
Ken Dreyer
Dorian Ducournau
Francis Dupont
Viktor Dukhovni
Jason Edgecombe
Mark Eichin
Shawn M. Emery
Douglas E. Engert
Peter Eriksson
Juha Erkkilä
Gilles Espinasse
Valery Fedorenko
Sergey Fedorov
Ronni Feldt
Bill Fellows
JC Ferguson
Remi Ferrand
Paul Fertser
Fabiano Fidêncio
Frank Filz
William Fiveash
Jacques Florent
Oliver Freyermuth
Ákos Frohner
Sebastian Galiano
Ilya Gladyshev
Marcus Granado
Dylan Gray
Norm Green
Scott Grizzard
Helmut Grohne
Steve Grubb
Philip Guenther
Feng Guo
Timo Gurr
Dominic Hargreaves
Robbie Harwood
John Hascall
Jakob Haufe
Matthieu Hautreux
Jochen Hein
Paul B. Henson
Kihong Heo
Jeff Hodges
Christopher Hogan
Love Hörnquist Åstrand
Ken Hornstein
Henry B. Hotz
Luke Howard
Jakub Hrozek
Shumon Huque
Jeffrey Hutzelman
Sergey Ilinykh
Wyllys Ingersoll
Holger Isenberg
Spencer Jackson
Diogenes S. Jesus
Mike Jetzer
Pavel Jindra
Brian Johannesmeyer
Joel Johnson
Lutz Justen
Ganesh Kamath
Alexander Karaivanov
Anders Kaseorg
Bar Katz
Zentaro Kavanagh
Mubashir Kazia
W. Trevor King
Steffen Kieß
Patrik Kis
Martin Kittel
Thomas Klausner
Tomasz Kłoczko
Ivan Korytov
Matthew Krupcale
Mikkel Kruse
Reinhard Kugler
Harshawardhan Kulkarni
Tomas Kuthan
Pierre Labastie
Andreas Ladanyi
Chris Leick
Volker Lendecke
Jan iankko Lieskovsky
Todd Lipcon
Oliver Loch
Chris Long
Kevin Longfellow
Frank Lonigro
Jon Looney
Nuno Lopes
Todd Lubin
Ryan Lynch
Glenn Machin
Roland Mainz
Sorin Manolache
Robert Marshall
Andrei Maslennikov
Michael Mattioli
Nathaniel McCallum
Greg McClement
Cameron Meadors
Vipul Mehta
Alexey Melnikov
Ivan A. Melnikov
Franklyn Mendez
Stefan Metzmacher
Mantas Mikulėnas
Markus Moeller
Kyle Moffett
Jon Moore
Paul Moore
Keiichi Mori
Michael Morony
Robert Morris
Sam Morris
Zbysek Mraz
Edward Murrell
Bahaa Naamneh
Joshua Neuheisel
Nikos Nikoleris
Demi Obenour
Felipe Ortega
Michael Osipov
Andrej Ota
Dmitri Pal
Javier Palacios
Dilyan Palauzov
Tom Parker
Eric Pauly
Leonard Peirce
Ezra Peisach
Alejandro Perez
Zoran Pericic
W. Michael Petullo
Mark Phalan
Sharwan Ram
Brett Randall
Jonathan Reams
Jonathan Reed
Robert Relyea
Tony Reix
Martin Rex
Pat Riehecky
Julien Rische
Jason Rogers
Matt Rogers
Nate Rosenblum
Solly Ross
Mike Roszkowski
Guillaume Rousse
Joshua Schaeffer
Alexander Scheel
Jens Schleusener
Ryan Schmidt
Andreas Schneider
Eli Schwartz
Paul Seyfert
Tom Shaw
Jim Shi
Jerry Shipman
Peter Shoults
Richard Silverman
Cel Skeggs
Simo Sorce
Anthony Sottile
Michael Spang
Michael Ströder
Bjørn Tore Sund
Ondřej Surý
Joseph Sutton
Alexey Tikhonov
Joe Travaglini
Sergei Trofimovich
Greg Troxel
Fraser Tweedale
Tim Uglow
Rathor Vipin
Denis Vlasenko
Thomas Wagner
Jorgen Wahlsten
Stef Walter
Max (Weijun) Wang
John Washington
Stef Walter
Xi Wang
Nehal J Wani
Kevin Wasserman
Margaret Wasserman
Marcus Watts
Andreas Wiese
Simon Wilkinson
Nicolas Williams
Ross Wilper
Augustin Wolf
Garrett Wollman
David Woodhouse
Tsu-Phong Wu
Xu Qiang
Neng Xue
Zhaomo Yang
Tianjiao Yin
Nickolai Zeldovich
Bean Zhang
ChenChen Zhou
Hanz van Zijst
Gertjan Zwartjes
The above is not an exhaustive list; many others have contributed in
various ways to the MIT Kerberos development effort over the years.
