Linux Today: Linux News On Internet Time.


Release Digest: GNU, September 4, 2003

Sep 05, 2003, 05:00 (0 Talkback[s])



Shishi 0.0.4 alpha

Shishi is a (still incomplete) implementation of the Kerberos 5 network authentication system. Shishi can be used to authenticate users in distributed systems.

Shishi contains a library ('libshishi') that can be used by application developers to add support for Kerberos 5. Shishi contains a command line utility ('shishi') that is used by users to acquire and manage tickets (and more). The server side, a Key Distribution Center, is implemented by 'shishid'. Of course, a manual documenting usage aspects as well as the programming API is included.

Shishi currently supports AS/TGS exchanges for acquiring tickets, the AP exchange for performing client and server authentication, and SAFE for integrity protected application data exchanges. Shishi is internationalized; error and status messages can be translated into the users' language; user names and passwords can be converted into any available character set (normally including ISO-8859-1 and UTF-8) and also be processed using an experimental Stringprep profile. The des-cbc-md4, des-cbc-md5, des3-cbc-sha1-kd, aes128-cts-hmac-sha1-96, and aes256-cts-hmac-sha1-96 encryption types, and the rsa-md4-des, rsa-md5-des, hmac-sha1-des3-kd, hmac-sha1-96-aes128, hmac-sha1-96-aes256 checksum types are supported.

Shishi is developed for the GNU/Linux system, but runs on over 20 platforms including most major Unix platforms and Windows, and many kinds of devices including iPAQ handhelds and S/390 mainframes.

Shishi is free software licensed under the GNU Public License.

The project web page:

Here are the compressed sources:
http://josefsson.org/shishi/releases/shishi-0.0.4.tar.gz (1.8MB)

Here are GPG detached signatures using key 0xB565716F:

Here are the MD5 and SHA1 signatures:

e1aa632025f0f604353ed909ec2e031e shishi-0.0.4.tar.gz
de5cab8f4344f7cde19e016e9d76f0a176e7d517 shishi-0.0.4.tar.gz
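
A way to check a downloaded tarball against a digest list laid out like the one above, as an added example that is not part of the announcement or of Shishi. It covers only the digest comparison, not the GPG signature check; the function names and the sample file in `demo()` are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

# The announcement lists "<hex digest> <file name>" with no algorithm label,
# so the algorithm is inferred from the digest length.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1"}
HEX = set("0123456789abcdef")

def parse_digest_list(text):
    """Return [(algorithm, hex_digest, file_name)] for each non-blank line."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, name = line.split(None, 1)
        digest = digest.lower()
        algo = ALGO_BY_HEX_LEN.get(len(digest))
        if algo is None or not set(digest) <= HEX:
            raise ValueError(f"unrecognised digest: {digest!r}")
        entries.append((algo, digest, name.strip().lstrip("*")))
    return entries

def verify_file(path, digest_text):
    """Return {algorithm: matched}; an empty dict means no digest was listed."""
    expected = {a: d for a, d, n in parse_digest_list(digest_text)
                if n == os.path.basename(path)}
    hashers = {a: hashlib.new(a) for a in expected}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            for h in hashers.values():
                h.update(chunk)
    return {a: hmac.compare_digest(h.hexdigest(), expected[a])
            for a, h in hashers.items()}

def demo():
    """Constructed sample: a stand-in file, its true digests, one altered."""
    data = b"constructed stand-in for a release tarball\n"
    name = "sample-0.0.0.tar.gz"
    md5, sha1 = hashlib.md5(data).hexdigest(), hashlib.sha1(data).hexdigest()
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, name)
        with open(path, "wb") as fh:
            fh.write(data)
        good = verify_file(path, f"{md5} {name}\n{sha1} {name}\n")
        bad = verify_file(path, f"{md5} {name}\n{'0' * 40} {name}\n")
    return good, bad
```

Treat an empty result or any `False` value as a failed check.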

All noteworthy changes not announced here:

  • Version 0.0.4 (released 2003-08-31)
    • The rsh/rlogin client 'rsh-redone' ported to Shishi, by Nicolas Pouvesle. The client is located in extra/rsh-redone/. It supports authentication and encryption. It interoperates with other implementations.
    • Authenticator subkeys are supported, and are used by default in AP/TGS. Some KDCs do not understand subkeys in TGS requests, and use the session key instead. Shishi detects and works around this problem but prints a warning.
    • Simplistic key distribution center (KDC) is working. See the Administration Manual for a walk through on how to get it up and running.
    • Various API changes.
  • Version 0.0.3 (released 2003-08-22)
    • Documentation fixes.
    • Cleanups.
  • Version 0.0.2 (released 2003-08-17)
    • Command line handling of the 'shishi' application rewritten. See the (updated) user manual and --help output for the new story.
    • It is possible to acquire renewable tickets.
    • Example client and server included. Application data protection is not supported, but authentication is demonstrated. The files are in src/client.c and src/server.c.
    • New configuration verbs: 'ticket-life' and 'renew-life'.
    • AES ciphers didn't work when nettle was used.
    • Cleanups, bug fixes and improved portability.
  • Version 0.0.1 (released 2003-08-10)
    • InetUtils copy removed. The patches (also found in extra/inetutils.diff) are forwarded upstream.
    • Libidn copy removed. Libidn is optional, but recommended. It is used automatically if present on your system.
    • Gettext not included. Due to some conflicts between libtool and gettext, if you want i18n on platforms that do not already have a useful gettext implementation, you can install GNU gettext before building this package. If you don't care about i18n, this package should work fine (except for i18n, of course).
    • Low-level crypto uses nettle if libgcrypt is not installed. Libgcrypt is not shipped with Shishi any more, instead a more streamlined crypto implementation based on nettle is included. Specify --with-libgcrypt to use libgcrypt.
    • Libtasn1 updated and replaced by "minitasn1" from gnutls. Specify --with-system-libtasn1 to link with the installed libtasn1, if you have it.
    • KDC addresses are now found via DNS SRV RRs as a last resort. This is only enabled if libresolv and resolv.h are found on your system.
    • Argp and other compatibility files replaced by gl/ directory.
    • Cleanups, bug fixes and various improvements.
  • Version 0.0.0 (released 2003-06-02)
    • Initial release