---

Home Developer

Release Digest: GNU, September 4, 2003

By

Shishi 0.0.4 alpha

Shishi is a (still incomplete) implementation of the Kerberos 5
network authentication system. Shishi can be used to authenticate
users in distributed systems.

Shishi contains a library (‘libshishi’) that can be used by
application developers to add support for Kerberos 5. Shishi
contains a command line utility (‘shishi’) that is used by users to
acquire and manage tickets (and more). The server side, a Key
Distribution Center, is implemented by ‘shishid’. Of course, a
manual documenting usage aspects as well as the programming API is
included.

Shishi currently supports AS/TGS exchanges for acquiring
tickets, the AP exchange for performing client and server
authentication, and SAFE for integrity protected application data
exchanges. Shishi is internationalized; error and status messages
can be translated into the users’ language; user name and passwords
can be converted into any available character set (normally
including ISO-8859-1 and UTF-8) and also be processed using an
experimental Stringprep profile. The des-cbc-md4, des-cbc-md5,
des3-cbc-sha1-kd, aes128-cts-hmac-sha1-96, and
aes256-cts-hmac-sha1-96 encryption types, and the rsa-md4-des,
rsa-md5-des, hmac-sha1-des3-kd, hmac-sha1-96-aes128,
hmac-sha1-96-aes256 checksum types are supported.

Shishi is developed for the GNU/Linux system, but runs on over
20 platforms including most major Unix platforms and Windows, and
many kind of devices including iPAQ handhelds and S/390
mainframes.

Shishi is free software licensed under the GNU Public
License.

The project web page:
http://www.gnu.org/software/shishi/

Here are the compressed sources:
http://josefsson.org/shishi/releases/shishi-0.0.4.tar.gz
(1.8MB)

Here are GPG detached signatures using key 0xB565716F:
http://josefsson.org/shishi/releases/shishi-0.0.4.tar.gz.asc

Here are the MD5 and SHA1 signatures:

e1aa632025f0f604353ed909ec2e031e shishi-0.0.4.tar.gz
de5cab8f4344f7cde19e016e9d76f0a176e7d517 shishi-0.0.4.tar.gz

All noteworthy changes not announced here:

  • Version 0.0.4 (released 2003-08-31)
    • The rsh/rlogin client ‘rsh-redone’ ported to Shishi, by Nicolas
      Pouvesle. The client is located in extra/rsh-redone/. It supports
      authentication and encryption. It interoperate with other
      implementations.
    • Authenticator subkeys are supported, and is used by default in
      AP/TGS. Some KDCs does not understand subkeys in TGS requests, and
      use the session key instead. Shishi detect and work around this
      problem but prints a warning.
    • Simplistic key distribution center (KDC) is working. See the
      Administration Manual for a walk through on how to get it up and
      running.
    • Various API changes.
  • Version 0.0.3 (released 2003-08-22)
    • Documentation fixes.
    • Cleanups.
  • Version 0.0.2 (released 2003-08-17)
    • Command line handling of the ‘shishi’ application rewritten.
      See the (updated) user manual and –help output for the new
      story.
    • It is possible to acquire renewable tickets.
    • Example client and server included. Application data protection
      is not supported, but authentication is demonstrated. The files are
      in src/client.c and src/server.c.
    • New configuration verbs: ‘ticket-life’ and ‘renew-life’.
    • AES ciphers didn’t work when nettle was used.
    • Cleanups, bug fixes and improved portability.
  • Version 0.0.1 (released 2003-08-10)
    • InetUtils copy removed. The patches (also found in
      extra/inetutils.diff) are forwarded upstream.
    • Libidn copy removed. Libidn is optional, but recommended. It is
      used automatically if present on your system.
    • Gettext not included. Due to some conflicts between libtool and
      gettext, if you want i18n on platforms that does not already have a
      useful gettext implementation, you can install GNU gettext before
      building this package. If you don’t care about i18n, this package
      should work fine (except for i18n, of course).
    • Low-level crypto uses nettle if libgcrypt is not installed.
      Libgcrypt is not shipped with Shishi any more, instead a more
      streamlined crypto implementation based on nettle is included.
      Specify –with-libgcrypt to use libgcrypt.
    • Libtasn1 updated and replaced by “minitasn1” from gnutls.
      Specify –with-system-libtasn1 to link with the installed libtasn1,
      if you have it.
    • KDC addresses are now found via DNS SRV RRs as a last resort.
      This is only enabled if libresolv and resolv.h is found on your
      system.
    • Argp and other compatibility files replaced by gl/
      directory.
    • Cleanups, bug fixes and various improvements.
  • Version 0.0.0 (released 2003-06-02)
    • Initial release

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.