Shishi NEWS -- History of user-visible changes.                 -*- outline -*-
Copyright (C) 2002, 2003 Simon Josefsson
See the end for copying conditions.

* Version 0.0.7 (released 2003-09-21)

** Encryption types can now be referred to using shorter aliases.
E.g., you can write "aes" instead of "aes256-cts-hmac-sha1-96".

** ARCFOUR encryption support according to draft-brezak-win2k-krb-rc4-hmac-04.

** DES-CBC-CRC now works.

* Version 0.0.6 (released 2003-09-14)

** Proxiable, proxy, forwardable and forwarded tickets supported.
See the User Manual for discussion and examples.

** Man pages for all public functions are included.

** Installed versions of Libgcrypt and libtasn1 used where possible.
Shishi need Libgcrypt 1.1.44 or later, and libtasn1 0.2.5 or later.
If a usable version is not found, the internal Nettle (crypto/) and/or
libminitasn1 (asn1/) libraries are used instead.

** It is possible to enable and disable part of the system at compile time.
See --disable-des, --disable-3des, --disable-aes, --disable-md,
--disable-null, and --enable-arcfour.

** The internal crypto interface now fully modularized.
If you wish to add support for a new low-level cryptographic library,
to, e.g., utilize specialized hardware, it is now easy to do so.  Two
wrappers for Nettle (lib/nettle.c) and Libgcrypt (lib/libgcrypt.c) are
included.

** Logging destination for warnings and informational messages can be changed.
By default, message are sent to stderr for clients, and syslog for
servers.  See the new API functions shishi_outputtype and
shishi_set_outputtype for more information.

* Version 0.0.5 (released 2003-09-07)

** Server host name to realm mapping via DNS supported.

** SAFE functions improved.
Example code of a client using integrity protected application data
exchanges is in examples/client-safe.c and examples/server.c.

** PRIV functions added.
Example code of a client using privacy protected application data
exchanges is in examples/client-priv.c.

** Documentation improvements.
E.g., a reference manual was added, that document the configuration
file, and the shishi and shishid parameters.

** Various API changes.

* Version 0.0.4 (released 2003-08-31)

** The rsh/rlogin client 'rsh-redone' ported to Shishi, by Nicolas Pouvesle.
The client is located in extra/rsh-redone/.  It supports
authentication and encryption.  It interoperate with other
implementations.

** Authenticator subkeys are supported, and is used by default in AP/TGS.
Some KDCs does not understand subkeys in TGS requests, and use the
session key instead.  Shishi detect and work around this problem but
prints a warning.

** Simplistic key distribution center (KDC) is working.
See the Administration Manual for a walk through on how to get it up
and running.

** Various API changes.

* Version 0.0.3 (released 2003-08-22)

** Documentation fixes.

** Cleanups.

* Version 0.0.2 (released 2003-08-17)

** Command line handling of the 'shishi' application rewritten.
See the (updated) user manual and --help output for the new story.

** It is possible to acquire renewable tickets.

** Example client and server included.
Application data protection is not supported, but authentication is
demonstrated.  The files are in src/client.c and src/server.c.

** New configuration verbs: 'ticket-life' and 'renew-life'.

** AES ciphers didn't work when nettle was used.

** Cleanups, bug fixes and improved portability.

* Version 0.0.1 (released 2003-08-10)

** InetUtils copy removed.
The patches (also found in extra/inetutils.diff) are forwarded upstream.

** Libidn copy removed.
Libidn is optional, but recommended.  It is used automatically if
present on your system.

** Gettext not included.
Due to some conflicts between libtool and gettext, if you want i18n on
platforms that does not already have a useful gettext implementation,
you can install GNU gettext before building this package.  If you
don't care about i18n, this package should work fine (except for i18n,
of course).

** Low-level crypto uses nettle if libgcrypt is not installed.
Libgcrypt is not shipped with Shishi any more, instead a more
streamlined crypto implementation based on nettle is included.
Specify --with-libgcrypt to use libgcrypt.

** Libtasn1 updated and replaced by "minitasn1" from gnutls.
Specify --with-system-libtasn1 to link with the installed libtasn1, if
you have it.

** KDC addresses are now found via DNS SRV RRs as a last resort.
This is only enabled if libresolv and resolv.h is found on your
system.

** Argp and other compatibility files replaced by gl/ directory.

** Cleanups, bug fixes and various improvements.

* Version 0.0.0 (released 2003-06-02)

** Initial release

----------------------------------------------------------------------
Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved.
