Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Link to Us
Linux Jobs

More on LinuxToday

Release Digest: GNU, December 12, 2003

Dec 12, 2003, 23:30 (0 Talkback[s])

3DLDF 1.1.4

3DLDF 1.1.4 has been released.
3DLDF 1.1.4 is a GNU package for three-dimensional drawing with MetaPost output.

It can be downloaded from

New in version 1.1.4:

The Texinfo manual can now be generated in Info and HTML formats.

Bug fix in the shell script 3DLDF-1.1.4/CWEB/tsthdweb that's used by 3DLDF-1.1.4/CWEB/Makefile to control rebuilding. Previously, files were sometimes retangled and recompiled unnecessarily. I believe I've fixed the problem now, but it's tricky, so I'll have to keep an eye on it.

Added the function Rectangle::is_rectangular() and made mediate() a member function in class Point.

MAX_REAL is now really the second largest float, but only on 32-bit, little-endian architectures. On other architectures, 3dldf will exit with an error message. I plan to make this work on other architectures soon.

Laurence Finston
3DLDF maintainer

Shishi 0.0.9 alpha

I am pleased to announce a new release of Shishi.

Shishi is an implementation of the Kerberos 5 network authentication system. Shishi can be used to authenticate users in distributed systems.

Due to the problems with Savannah, the web pages have not been updated. I hope to upload the manual to the web pages soon. Meanwhile, the manual is included in the release, in the Info format, PostScript and PDF.

The project page of the library is available at:

Here are the compressed sources: (2.3MB) (2.3MB)

Here are GPG detached signatures using key 0xB565716F:

Here are the build reports for various platforms:

Here are the MD5 checksums:
eb4b35415b3c809dc6b334f20335e46c shishi-0.0.9.tar.gz
95d19a72c7563e32473c65a1af3a5832 shishi-0.0.9.tar.gz.asc
e2b38f014ae8d3d269bc31b77f288bde shishi-0.0.9.tar.gz.sig

Noteworthy changes (since 0.0.4, last version announced here):

  • Version 0.0.9 (released 2003-12-12)
    • A Kerberos 5 information storage system added, called Shisa. Shisa is used by Kerberos 5 servers (KDCs) to find information about principals. Shisa can be extended to support various backends, such as LDAP and SQL databases, but currently only a file system based database is supported. Shisa consists of two parts, a library (libshisa, see db/) and a command line tool (shisa, see src/). Shisa is designed to be concurrent write safe, i.e., multiple writers to the same database is permitted. This is very much work in progress.
    • A new tool 'shisa' added to add/remove/list/modify the Shisa database.
    • The Administration and Reference Manual has been (re)written. There is now a step-by-step walk-through on creating the database for a new realm, adding a few principals, starting the server and testing it by getting tickets.
    • Shishid (the Kerberos server) now read keys via the Shisa database. The old hostkeys-alike file based "database" is no longer supported.
    • A sample Shisa database and host keys are created during installation. The default realm name (typically your hostname) is used, which might not be what you prefer, but should get you started.
    • Improve behaviour with poorly synchronized clocks. Earlier newly acquired tickets were discarded if they were not yet valid when you acquire them. Now tickets are only discarded when their end time is in the past.
    • Support for DES and 3DES without integrity checking re-added. Those encryption algorithms are needed by GSS Wrap/Unwrap, but was accidently removed from Shishi during an earlier cleanup.
    • When Libgcrypt is used, ARCFOUR now handle streamed operations. This is needed for, e.g., Kerberos rsh in the Shishi patched version of GNU InetUtils.
    • Paths to configurations files and host keys changed. The configuration files and host keys are now stored (by default, but see next entry) in $prefix/etc/shishi/, instead of, as it was before, in $prefix/etc (for configuration and host keys) and $prefix/share/shishi (for user configuration file template).
    • Paths to configurations, host keys and the database root now configurable. The configure parameters --with-conf-dir, --with-skel-dir, --with-key-dir, and --with-db-dir can be used to specify the location of shishi.conf and shisa.conf (system configuration files), shishi.skel (user configuration file template), shishi.keys (host specific keys) and the Shisa database root, respectively.
    • IANA allocated Telnet Encrypt command 12 for the AES-CCM mode.
    • Autoconf 2.59, Automake 1.8, and Libtool from CVS is used.
    • Some more self tests were added.
  • Version 0.0.8 (released 2003-10-16)
    • Passwords are processed with SASLprep instead of KRBprep.
    • Authorization improvements.
    • Documentation additions. Protocol descriptions for STARTTLS, AES-CCM encrypted telnet, and Kerberos rsh/rlogin.
    • Support for upgrading TCP connections to KDC to TLS supported (STARTTLS). STARTTLS support will be compiled in automatically, if you have GNUTLS installed, but can be disabled unconditionally by configuring with --disable-tls. Use the 'realm-kdc' configuration token to specify which KDCs the client should use it against, e.g., 'realm-kdc=MYREALM.ORG,'.
  • Version 0.0.7 (released 2003-09-21)
    • Encryption types can now be referred to using shorter aliases. E.g., you can write "aes" instead of "aes256-cts-hmac-sha1-96".
    • ARCFOUR encryption support according to draft-brezak-win2k-krb-rc4-hmac-04.
    • DES-CBC-CRC now works.
  • Version 0.0.6 (released 2003-09-14)
    • Proxiable, proxy, forwardable and forwarded tickets supported. See the User Manual for discussion and examples.
    • Man pages for all public functions are included.
    • Installed versions of Libgcrypt and libtasn1 used where possible. Shishi need Libgcrypt 1.1.44 or later, and libtasn1 0.2.5 or later. If a usable version is not found, the internal Nettle (crypto/) and/or libminitasn1 (asn1/) libraries are used instead.
    • It is possible to enable and disable part of the system at compile time. See --disable-des, --disable-3des, --disable-aes, --disable-md, --disable-null, and --enable-arcfour.
    • The internal crypto interface now fully modularized. If you wish to add support for a new low-level cryptographic library, to, e.g., utilize specialized hardware, it is now easy to do so. Two wrappers for Nettle (lib/nettle.c) and Libgcrypt (lib/libgcrypt.c) are included.
    • Logging destination for warnings and informational messages can be changed. By default, message are sent to stderr for clients, and syslog for servers. See the new API functions shishi_outputtype and shishi_set_outputtype for more information.
  • Version 0.0.5 (released 2003-09-07)
    • Server host name to realm mapping via DNS supported.
    • SAFE functions improved. Example code of a client using integrity protected application data exchanges is in examples/client-safe.c and examples/server.c.
    • PRIV functions added. Example code of a client using privacy protected application data exchanges is in examples/client-priv.c.
    • Documentation improvements. E.g., a reference manual was added, that document the configuration file, and the shishi and shishid parameters.
    • Various API changes.