Release Digest: GNU, September 4, 2003
Sep 05, 2003, 05:00 (0 Talkback[s])
Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers
Shishi 0.0.4 alpha
Shishi is a (still incomplete) implementation of the Kerberos 5
network authentication system. Shishi can be used to authenticate
users in distributed systems.
Shishi contains a library ('libshishi') that can be used by
application developers to add support for Kerberos 5. Shishi
contains a command line utility ('shishi') that is used by users to
acquire and manage tickets (and more). The server side, a Key
Distribution Center, is implemented by 'shishid'. Of course, a
manual documenting usage aspects as well as the programming API is
Shishi currently supports AS/TGS exchanges for acquiring
tickets, the AP exchange for performing client and server
authentication, and SAFE for integrity protected application data
exchanges. Shishi is internationalized; error and status messages
can be translated into the users' language; user name and passwords
can be converted into any available character set (normally
including ISO-8859-1 and UTF-8) and also be processed using an
experimental Stringprep profile. The des-cbc-md4, des-cbc-md5,
des3-cbc-sha1-kd, aes128-cts-hmac-sha1-96, and
aes256-cts-hmac-sha1-96 encryption types, and the rsa-md4-des,
rsa-md5-des, hmac-sha1-des3-kd, hmac-sha1-96-aes128,
hmac-sha1-96-aes256 checksum types are supported.
Shishi is developed for the GNU/Linux system, but runs on over
20 platforms including most major Unix platforms and Windows, and
many kind of devices including iPAQ handhelds and S/390
Shishi is free software licensed under the GNU Public
The project web page:
Here are the compressed sources:
Here are GPG detached signatures using key 0xB565716F:
Here are the MD5 and SHA1 signatures:
All noteworthy changes not announced here:
- Version 0.0.4 (released 2003-08-31)
- The rsh/rlogin client 'rsh-redone' ported to Shishi, by Nicolas
Pouvesle. The client is located in extra/rsh-redone/. It supports
authentication and encryption. It interoperate with other
- Authenticator subkeys are supported, and is used by default in
AP/TGS. Some KDCs does not understand subkeys in TGS requests, and
use the session key instead. Shishi detect and work around this
problem but prints a warning.
- Simplistic key distribution center (KDC) is working. See the
Administration Manual for a walk through on how to get it up and
- Various API changes.
- Version 0.0.3 (released 2003-08-22)
- Documentation fixes.
- Version 0.0.2 (released 2003-08-17)
- Command line handling of the 'shishi' application rewritten.
See the (updated) user manual and --help output for the new
- It is possible to acquire renewable tickets.
- Example client and server included. Application data protection
is not supported, but authentication is demonstrated. The files are
in src/client.c and src/server.c.
- New configuration verbs: 'ticket-life' and 'renew-life'.
- AES ciphers didn't work when nettle was used.
- Cleanups, bug fixes and improved portability.
- Version 0.0.1 (released 2003-08-10)
- InetUtils copy removed. The patches (also found in
extra/inetutils.diff) are forwarded upstream.
- Libidn copy removed. Libidn is optional, but recommended. It is
used automatically if present on your system.
- Gettext not included. Due to some conflicts between libtool and
gettext, if you want i18n on platforms that does not already have a
useful gettext implementation, you can install GNU gettext before
building this package. If you don't care about i18n, this package
should work fine (except for i18n, of course).
- Low-level crypto uses nettle if libgcrypt is not installed.
Libgcrypt is not shipped with Shishi any more, instead a more
streamlined crypto implementation based on nettle is included.
Specify --with-libgcrypt to use libgcrypt.
- Libtasn1 updated and replaced by "minitasn1" from gnutls.
Specify --with-system-libtasn1 to link with the installed libtasn1,
if you have it.
- KDC addresses are now found via DNS SRV RRs as a last resort.
This is only enabled if libresolv and resolv.h is found on your
- Argp and other compatibility files replaced by gl/
- Cleanups, bug fixes and various improvements.
- Version 0.0.0 (released 2003-06-02)