Linux Today: Linux News On Internet Time.

Release Digest: GNU, April 19, 2004

Apr 20, 2004, 04:45 (0 Talkback[s])

Shishi 0.0.15 alpha

Shishi is a (still incomplete) implementation of the Kerberos 5 network authentication system. Shishi can be used to authenticate users in distributed systems.

Shishi contains a library ('libshishi') that can be used by application developers to add support for Kerberos 5. Shishi contains a command line utility ('shishi') that is used by users to acquire and manage tickets (and more). The server side, a Key Distribution Center, is implemented by 'shishid', and support X.509 authenticated TLS via GnuTLS. Of course, a manual documenting usage aspects as well as the programming API is included.

Shishi currently supports AS/TGS exchanges for acquiring tickets, the AP exchange for performing client and server authentication, and SAFE/PRIV for integrity/privacy protected application data exchanges.

Shishi is developed for the GNU/Linux system, but runs on over 20 platforms including most major Unix platforms and Windows, and many kind of devices including iPAQ handhelds and S/390 mainframes.

Shishi is free software licensed under the GNU General Public License.

The project page of the library is available at:

Here are the compressed sources:
ftp://alpha.gnu.org/gnu/shishi/shishi-0.0.15.tar.gz (2.6MB)
http://josefsson.org/shishi/releases/shishi-0.0.15.tar.gz (2.6MB)

Here are GPG detached signatures using key 0xB565716F:

Here are the build reports for various platforms:

Here are the MD5/SHA1 checksums:

8ac3ef47d3a4536f893c5dec5516f50e shishi-0.0.15.tar.gz
fb43452076e5b4a6bc430c6ecfd9359d shishi-0.0.15.tar.gz.sig
099e88663a96e1f5a05d7a5b3294a3917361cb94 shishi-0.0.15.tar.gz
1239c9a3a53d994f2be5f85381df877e93e5b115 shishi-0.0.15.tar.gz.sig

Noteworthy changes (since 0.0.13, last version announced here):

  • Version 0.0.15 (released 2004-04-18)
    • Sequence numbers in Authenticator and EncAPRepPart are now randomized.
    • Low-level fixes of AES Cipher Text Stealing mode. Also added more AES/CTS self tests.
    • Configuration tokens spelled correctly ("verbose-noice" -> "verbose-noise").
    • Polish translation added, by Jakub Bogusz.
    • Various bugfixes and cleanups.
  • Version 0.0.14 (released 2004-01-22)
    • High-level AP interface now support setting raw checksum field values. This is needed for certain applications that, like GSS-API, put non-standard data in the checksum field of the Authenticator in a AP-REQ.
    • Various minor bugfixes.

GNU Generic Security Service Library (GSSLib) 0.0.9 alpha

GSS is an implementation of the Generic Security Service Application Program Interface (GSS-API). GSS-API is used by network servers to provide security services, e.g., to authenticate SMTP/IMAP clients against SMTP/IMAP servers. GSS consists of a library, a manual, and a command line tool for debugging purposes.

While written to be flexible with regards to different GSS mechanisms, the only currently supported mechanism is Kerberos 5 via GNU Shishi.

The project page of the library is available at:

Here are the compressed sources:
ftp://alpha.gnu.org/gnu/gss/gss-0.0.11.tar.gz (1.3MB)
http://josefsson.org/gss/releases/gss-0.0.11.tar.gz (1.3MB)

Here are GPG detached signatures using key 0xB565716F:

Here are the build reports for various platforms:

Here are the MD5/SHA1 checksums:

9e7d1f547c57486e03909c5a2a07460b gss-0.0.11.tar.gz
92e8bb330d934a3d457587fee560958c gss-0.0.11.tar.gz.sig
5976f62d6171c8c5f7188abf4f5a07716ad362f2 gss-0.0.11.tar.gz
728bdc6492aa16cfedfa74c98092c41952dcf8cf gss-0.0.11.tar.gz.sig

Noteworthy changes (since 0.0.9, last version announced here):

  • Changes in 0.0.11 (released 2004-04-18)
    • Minor cleanups to the core header file. Using xom.h is no longer supported (the file doesn't exist on modern systems).
    • Kerberos 5 sequence number handling fixed. First, gss_init_sec_context set the sequence numbers correctly, before the incorrect sequence numbers prevented gss_(un)wrap from working correctly. Secondly, gss_unwrap now check the sequence numbers correctly. This was prompted by the addition of randomized sequence numbers by default in Shishi 0.0.15.
    • The compatibility files in gl/ where synced with Gnulib.
    • Various bugfixes and cleanups.
    • Polish translation added, by Jakub Bogusz.
  • Changes in 0.0.10 (released 2004-01-22)
    • A command line tool "gss" added in src/. The tool can be used to split up an GSS-API error code into the calling error, the routine error and the supplementary info bits, and to print text describing the error condition.
    • gss_display_status can return multiple description texts (using context).
    • The Swedish translation has been updated.
    • Various cleanups and improvements.