Kerberos V5 Y2K Compliance Statement

MIT is committed to assuring that its Kerberos V5 reference implementation is Y2K compliant. To that end, we have audited our codebase looking for Y2K problems, and have fixed those problems which we have found. These fixes are NOT in the most recent 1.0 release as of this writing, which is Kerberos V5 release 1.0.5. Hence, the currently publicly available 1.0 version of Kerberos V5 is *NOT* Y2K compliant. We intend to include these fixes in the next version (Kerberos V5 1.0.6), which should be released shortly.

The Y2K bugs discovered in the 1.0.5 release were not especially significant. None of the bugs caused security breaches, or would cause the Kerberos authentication process to fail. In addition, no problems were found in the Kerberos and GSSAPI library functions which would be used by client/server application programs.

Most of the Y2K issues were in how the year field of timestamps in Kerberos server log files would be printed (i.e., 99, 100, 101 instead of 1999, 2000, 2001), in particular in the Kerberos V4 compatibility server.

The most serious bug found was in the date string parsing used for options; this would prevent kinit's -s (start-time) option from correctly parsing dates in the 21st century (although specifying just a time and no date would work correctly), and it would prevent the KDC configuration file code from parsing the default principal expiration date in the 21st century. Neither of these features is commonly used.

There was also a problem in the gss-ftp code. This Y2K bug would have caused the non-standard MDTM ftp protocol element to fail, thus preventing the non-standard ftp restart functionality from working properly. Standard ftp uploads and downloads would continue to work. This Y2K bug was inherited from the BSD ftp/ftpd programs.

All of the above problems will be addressed in the 1.0.6 release.

That being said, please note the following caveats:

1) Kerberos V5 depends on the Y2K compliance of the underlying hardware and operating system on which it is running. In particular, the ANSI standard C library functions must be Y2K compliant.

2) MIT makes the Kerberos V5 reference implementation available for use at no cost as a public service. Since we make no money (and yet invest much developer time) in making public releases of Kerberos V5 available, we cannot be held liable if you sustain any losses as a result of using Kerberos V5, either due to Y2K bugs or any other problems. Please note in particular the following excerpt from our Copyright Permission Notice:

    M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty.

That being said, we use Kerberos V5 in-house, and we have every intention to continue business operations past the year 2000. Since Kerberos V5 is used to authenticate our SAP R/3 accounting system, you may be sure that we treat Kerberos V5's continued operation over the millennial transition with great seriousness.
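
The log-file year issue described above (99, 100, 101 instead of 1999, 2000, 2001) can be reproduced with the following added example, which is not code from the Kerberos V5 distribution. It assumes the cause is the common C pattern of printing `tm_year` (years since 1900) as if it were the calendar year; the function names and the timestamp layout are hypothetical, and the sample times are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Constructed sample: broken-down time for 1 January of `year`, 00:00:05. */
static struct tm sample_tm(int year)
{
    struct tm tm;
    memset(&tm, 0, sizeof tm);
    tm.tm_year = year - 1900;   /* ISO C: tm_year counts years since 1900 */
    tm.tm_mday = 1;
    tm.tm_sec  = 5;
    return tm;
}

/* Assumed pre-fix pattern: tm_year is printed as the year, so 2000 becomes "100". */
static const char *log_stamp_buggy(const struct tm *tm, char *buf, size_t len)
{
    snprintf(buf, len, "%d-%02d-%02d %02d:%02d:%02d", tm->tm_year,
             tm->tm_mon + 1, tm->tm_mday, tm->tm_hour, tm->tm_min, tm->tm_sec);
    return buf;
}

/* Corrected pattern: add 1900 so the year field is the full calendar year. */
static const char *log_stamp_fixed(const struct tm *tm, char *buf, size_t len)
{
    snprintf(buf, len, "%04d-%02d-%02d %02d:%02d:%02d", tm->tm_year + 1900,
             tm->tm_mon + 1, tm->tm_mday, tm->tm_hour, tm->tm_min, tm->tm_sec);
    return buf;
}

/* Log-consumer check: does the line start with a four-digit year field? */
static int stamp_has_full_year(const char *stamp)
{
    size_t n = strspn(stamp, "0123456789");
    return n == 4 && stamp[n] == '-';
}

int main(void)
{
    char bad[32], good[32];
    for (int year = 1999; year <= 2001; year++) {
        struct tm tm = sample_tm(year);
        log_stamp_buggy(&tm, bad, sizeof bad);
        log_stamp_fixed(&tm, good, sizeof good);
        printf("%-20s full_year=%d | %s full_year=%d\n", bad,
               stamp_has_full_year(bad), good, stamp_has_full_year(good));
    }
    return 0;
}
```

Lines written in the buggy form change width at the rollover and no longer sort or parse as dates, which is why the issue affects log readers rather than authentication itself.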