
conserver 7.2.4 is available

Bryan Stansell bryan@conserver.com
Mon, 14 Oct 2002 14:20:33 -0700 (PDT)


I've decided to go ahead and release 7.2.4 as it stands (there have
been a couple changes since the 7.2.4-beta1 patch).  There are a couple
of reasons for this.

First, the build issues with regard to shadow password support just
made my stomach turn - I really goofed there and getting a working
version out makes me much calmer.

Second, there are some major changes necessary for the OpenSSL code to
really work like I would want.  7.2.4 gives you basic console
encryption without breaking any backwards-compatibility with older
clients and servers (assuming you use the -E flag).  It doesn't,
however, encrypt things like 'console -w' output, and, even worse,
'console -q' (which could send the root password).  To fix these
things, I'm going to have to change the client-server protocol to such
an extent that it will break backwards-compatibility and I figured I'd
take conserver from 7.2.4 to 7.3.0 when doing so.

The good news, however, is that encryption and certificates do work
(for me, at least).  I've provided my script (contrib/maketestcerts) to
show how I created and tested things.  Even without certificates, the
encryption will be negotiated and things will look like garbage on the
wire.

Check the man pages for details on the new features.  If anyone finds
any problems, please let me know.  I'm sure there will be some
compatibility issues with platforms like HP-UX/64-bit and AIX (there
always are), but I'd love to work through them with you and find a
solid fix.

And, for the official record, all the changes in this release...

version 7.2.4 (Oct 14, 2002):
        - added --with-openssl for some client/server encryption
        - added -E option to client and server to allow for non-encrypted
          connections (encryption is the default if compiled in)
        - added -c option so credentials (certificate and key) can be
          exchanged between client and server
        - expanded -V output to show what optional bits actually got
          compiled into the code (libwrap, regex, etc)
        - compilation errors on non-shadow file systems without using
          --with-pam - reported by Jesper Frank Nemholt <jfn@dassic.com>
        - client now prefers $LOGNAME, then $USER, then the current uid
          for its -l default - suggested by Dave Stuit <djs@tellme.com>
        - putting back socklen_t usage - it's the right thing to do,
          so tell me where it breaks things
        - configure options --with-cffile and --with-pwdfile now
          recognize fully-qualified pathnames - suggested by Kjell
          Andresen <kjell.andresen@usit.uio.no>

Bryan Stansell