source: trunk/third/krb5/README @ 17533

Revision 17533, 26.2 KB checked in by rbasch, 23 years ago (diff)
This commit was generated by cvs2svn to compensate for changes in r17532, which included commits to RCS files with non-trunk default branches.
Line 
1
2                  Kerberos Version 5, Release 1.2.5
3
4                            Release Notes
5
6                        The MIT Kerberos Team
7
8Unpacking the Source Distribution
9---------------------------------
10
11The source distribution of Kerberos 5 comes in a gzipped tarfile,
12krb5-1.2.5.tar.gz.  Instruction on how to extract the entire
13distribution follow.  These directions assume that you want to extract
14into a directory called DIST.
15
16If you have the GNU tar program and gzip installed, you can simply do:
17
18        mkdir DIST
19        cd DIST
20        gtar zxpf krb5-1.2.5.tar.gz
21
22If you don't have GNU tar, you will need to get the FSF gzip
23distribution and use gzcat:
24
25        mkdir DIST
26        cd DIST
27        gzcat krb5-1.2.5.tar.gz | tar xpf -
28
29Both of these methods will extract the sources into DIST/krb5-1.2.5/src
30and the documentation into DIST/krb5-1.2.5/doc.
31
32Building and Installing Kerberos 5
33----------------------------------
34
35The first file you should look at is doc/install-guide.ps; it contains
36the notes for building and installing Kerberos 5.  The info file
37krb5-install.info has the same information in info file format.  You
38can view this using the GNU emacs info-mode, or by using the
39standalone info file viewer from the Free Software Foundation.  This
40is also available as an HTML file, install.html.
41
42Other good files to look at are admin-guide.ps and user-guide.ps,
43which contain the system administrator's guide, and the user's guide,
44respectively.  They are also available as info files
45kerberos-admin.info and krb5-user.info, respectively.  These files are
46also available as HTML files.
47
48If you are attempting to build under Windows, please see the
49src/windows/README file.
50
51Reporting Bugs
52--------------
53
54Please report any problems/bugs/comments using the krb5-send-pr
55program.  The krb5-send-pr program will be installed in the sbin
56directory once you have successfully compiled and installed Kerberos
57V5 (or if you have installed one of our binary distributions).
58
59If you are not able to use krb5-send-pr because you haven't been able
60compile and install Kerberos V5 on any platform, you may send mail to
61krb5-bugs@mit.edu.
62
63Notes, Major Changes, and Known Bugs for 1.2.5
64----------------------------------------------
65
66Major Changes:
67
68* On MacOS X, we have reviewed the list of exported symbol names.  As
69  in earlier MacOS releases, and the Windows releases, but unlike the
70  UNIX releases, the list of exported names accessible to applications
71  is reduced to a predefined set of symbols.  We are attempting to
72  define a "stable" subset of the API we feel confident about
73  providing, as opposed to giving applications access to half of the
74  packet-manipulation functions we have.
75
76  In future releases, we may investigate applying a similar export
77  list under some UNIX shared library implementations.
78
79  If a function you use is not exported, we probably figured it was
80  functionality that should be internal to the library, or something
81  that should be done with a different interface, or something we
82  didn't know anyone was using at the moment and thought we'd like to
83  clean up the interface later on.  If you need it, and there isn't a
84  cleaner way, contact us about getting it added back in to the export
85  list.
86
87  A few things are marked "deprecated" in the header file, but will
88  continue to be provided under "#if KRB5_DEPRECATED" because even
89  though they're ugly, we also know they're in use and we can't phase
90  them out fast enough.  We may replace the implementation later on
91  with a shim on top of some cleaner mechanism.
92
93* For Heimdal (and possibly Microsoft) compatibility, we now accept
94  encrypted delegated credentials in gssapi.  Historically, the MIT
95  implementation has sent delegated gssapi credentials "in the clear",
96  but still encrypted in the AP-REQ.
97
98* IP address checks have been removed from rd_cred; this improves
99  compatibility with Heimdal.
100
101Minor changes:
102
103* A null pointer dereference in the krb5 library has been fixed.
104
105Known bugs:
106
107* Most of the other known bugs from 1.2.3 and 1.2.4 are unchanged.
108
109Notes, Major Changes, and Known Bugs for 1.2.4
110----------------------------------------------
111
112Notes:
113
114* Like the 1.2.3 release, this is a patch release.  One critical login
115  problem is fixed, and a problem with interoperability with
116  Microsoft software is worked around.
117
118Major Changes:
119
120* The one-character bug introduced into the login.krb5 program that
121  caused 8-character usernames to be rejected in some circumstances
122  has been fixed.
123
124* The handling of key version numbers has been modified in places.
125  The current formats of the keytab and srvtab files, as well as parts
126  of the remote kadmin protocol, handle key version numbers as 8-bit
127  quantities, when in fact they are 32-bit quantities.
128
129  * In the keytab and srvtab support for krb5, searching for the
130    "highest numbered" key version now has some heuristics to deal
131    with the 8-bit kvno wrapping from 255 to 0 to 1....  If a kvno
132    greater than 240 is found, the kvno values are assumed to range
133    from 128 to 383 (127+256).  This should handle cases like storing
134    kvno values 255 and 256 in the file.
135
136  * In the keytab and srvtab support for krb5, when looking for a key
137    with a specific version number, the low 8 bits of the requested
138    kvno are compared against the value stored in the file.
139
140  * The "ktutil" program also has a new heuristic for choosing the
141    "highest numbered" key in a keytab to be written out into a krb4
142    srvtab file.
143
144  These heuristics all assume that key version numbers will be
145  assigned sequentially, and that there will not be a large set of key
146  version numbers in use at one time for any given principal in a
147  keytab file.
148
149  These changes were prompted by the discovery by Microsoft (while
150  trying to write tools to generate MIT-style keytab files) that we
151  could not store arbitrary 32-bit version numbers for keys.
152
153* Some issues with multiple enctype support in GSSAPI credential
154  forwarding have been fixed.
155
156Minor Changes:
157
158* A few compilation problems have been fixed.
159
160* New test cases have been added to the test suite to exercise some of
161  the new changes.
162
163Known Bugs:
164
165* Non-sequential key version numbering will confuse the new kvno
166  handling heuristics.
167
168* Long-standing but newly recognized:
169
170  * The remote kadmin protocol will produce incorrect results when key
171    version numbers greater than 255 are being retrieved or stored.
172    The kadmin.local program does not suffer from this problem.
173
174  * We do not support storing multiple key versions for a principal in
175    a srvtab file.
176
177  * We do not support acquiring krb4 tickets using a srvtab or keytab
178    file without acquiring krb5 tickets at the same time (i.e., the
179    old krb4 "ksrvtgt" program).
180
181* most of the other known bugs from 1.2.3
182
183Notes, Major Changes, and Known Bugs for 1.2.3
184----------------------------------------------
185
186Notes:
187
188* This release is a patch release; some non-critical bugs and feature
189  requests have not been incorporated.  We have focussed mainly on
190  important security fixes and usability fixes.
191
192Major Changes:
193
194* Certain problems with shared library builds have been eliminated or
195  reduced on Linux and HP-UX.
196
197* Various bugs in single-DES enctype similarity have been fixed; the
198  1.0.x behavior of treating all single-DES enctype as equivalent has
199  been restored for now.  This may go away in a future release.  Note
200  that SUPPORT_DESMD5 will be treated as always false for now.
201
202* The KDC will now log a number of enctype parameters associated with
203  KDC requests, in order to allow easier debugging of enctype-related
204  problems.
205
206* A client will no longer attempt obtain a forwarded TGT with a
207  session key enctype that the target server won't understand.
208
209* Triple-DES should work on Windows now.  The SHA-1 implementation had
210  a Windows-specific bug preventing it from working in most cases.
211
212* Various bugs in pty handling have been fixed.
213
214* Bogus utmp files with garbage characters in their names should not
215  get created on Solaris.  Also, utmp/wtmp handling code has been
216  mostly rewritten, eliminating numerous bugs.
217
218* Potential buffer-overrun problems and null-pointer dereferences have
219  been fixed in ftpd, telnetd, login.krb5, and SHA-1.  The first three
220  may be exploitable under certain conditions; the SHA-1 bug probably
221  isn't, as far as we know.
222
223* For multiple-hop interrealm authentication, the realm transit path
224  checking has been rewritten.  The old code had a serious bug where
225  some of the transited realms may not have been checked against the
226  computed path.  It was therefore possible to forge a remote client
227  name in certain cases.  We strongly recommend updating application
228  server code where non-local principals may be found on ACLs.
229
230* In conjunction with the above fix, we've implemented KDC checking of
231  the realm transit path, as described in the IETF's current
232  kerberos-revisions draft, and set up the KDC to refuse to issue
233  tickets with unacceptable transit paths.  (Strictly speaking,
234  according to the Kerberos specification, enforcement of these checks
235  is supposed to be left to the application servers.)  Thus, if your
236  application servers can't be updated promptly but your KDC can, you
237  can still prevent such tickets from being issued.  This checking is
238  controlled by a per-realm flag, and is enabled by default.
239
240* On AIX systems, the rlogin server should no longer hang when
241  control-C is pressed.
242
243* New databases will be created in btree format by default.  We
244  believe the btree code to be less buggy than the hash format code we
245  have been using.  This should not affect the use of any existing
246  databases, only newly created ones, and even that should be a
247  transparent change.
248
249Known Bugs:
250
251* There may be problems with running a KDC on 64-bit platforms
252  (environments where size_t and long are wider than 32 bits, such as
253  alpha/Tru64, or Solaris/SPARC in SPARCv9 mode, for example), as
254  indicated by the util/db2 tests not passing.  These problems may
255  also extend to the rpc library, which may prevent the kadmin
256  protocol from functioning.  These are being investigated.
257
258* ETYPE_INFO preauthentication data returned from the KDC are not
259  sorted in the order requested by the client.  This may result in
260  preauthentication failure when encrypted timestamp preauthentication
261  is required but the client doesn't understand some of the enctypes
262  of the keys stored for it in the database.
263
264* The gssftp daemon and client, when running in krb4 mode, are
265  inconsistent with respect to port numbers passed to the
266  {mk,rd}_{priv,safe} functions.  As a result, there is a small but
267  nonzero probability that krb4 ftp with client and server on the same
268  IP address will fail with a "Time is out of bounds" error.  This
269  includes the tests/dejagnu test suite, which tests the krb4 ftp
270  functionality.  The probability of this occuring seems to be less
271  than 50%.
272
273* The gss-sample test application suite is known to not communicate
274  with the gss-sample suite in 1.1.x and earlier releases.  This is
275  the result of changes to gss-sample to increase its functionality;
276  fixes to allow for backwards compatibility will occur in a later
277  release.
278
279* BSD/OS 4.x may have some problems compiling.  These are being
280  investigated.
281
282Notes, Major Changes, and Known Bugs for 1.2.2
283----------------------------------------------
284
285Notes:
286
287* This release is a patch release; some non-critical bugs and feature
288  requests have not been incorporated.
289
290Major Changes:
291
292* The KDC dump format has been updated to include per-principal policy
293  information.  This will require updating your slave KDCs before your
294  master if you want things to still work.
295
296* A library bug that prevented kprop from working properly with DES3
297  keys has been fixed.
298
299* kpasswd should no longer coredump when there is no kadmin_server
300  line in krb5.conf.
301
302* ASN.1 parsing has been improved to deal with indefinite encodings,
303  such as those emitted by DCE-1.0 derived systems.
304
305* Preauthentication handling code in the initial ticket APIs has been
306  fixed to handle zero-length ETYPE_INFO sequences without causing a
307  NULL pointer dereference.
308
309* The replay cache should no longer leak temporary files.  Related
310  hard-to-analyze filename bugs in the rcache code should also be
311  fixed.
312
313* Library builds should now work on AIX.
314
315* KDC local address search code should now work on AIX.
316
317* The yacc grammar for the ftp daemon has been modified to be
318  compilable on HP/UX with Bison; namespace pollution from system
319  headers was causing trouble before.
320
321Known Bugs:
322
323* The gss-sample test application suite is known to not communicate
324  with the gss-sample suite in 1.1.x and earlier releases.  This is
325  the result of changes to increase functionality; fixes to allow for
326  backwards compatibility will occur in a later release.
327
328* Handling of utmp and utmpx updates is known to be broken on some
329  systems, such as Solaris 8.  We are investigating possible solutions
330  to this problem.
331
332* Tru64 Unix 5.0 (aka OSF/1 5.0), at least, has some problems with
333  revoke() returning ENOTTY in open_slave in the pty library.  One
334  possible workaround is to insert
335
336        vfs:
337                revoke_tty_only = 0
338
339  in /etc/sysconfigtab.  It is not known whether this workaround will
340  cause other problems.
341
342* BSD/OS 4.x may have some problems compiling.  These are being
343  investigated.
344
345Notes, Major Changes, and Known Bugs for 1.2.1 and 1.2
346------------------------------------------------------
347
348* Triple DES support, for session keys as well as user or service
349  keys, should be nearly complete in this release.  Much of the work
350  that has been needed is generic multiple-cryptosystem support, so
351  the addition of another cryptosystem should be much easier.
352
353  * GSSAPI support for 3DES has been added.  An Internet Draft is
354    being worked on that will describe how this works; it is not
355    currently standardized.  Some backwards-compatibility issues in
356    this area mean that enabling 3DES support must be done with
357    caution; service keys that are used for GSSAPI must not be updated
358    to 3DES until the services themselves are upgraded to support 3DES
359    under GSSAPI.
360
361* DNS support for locating KDCs is enabled by default.  DNS support
362  for looking up the realm of a host is compiled in but disabled by
363  default (due to some concerns with DNS spoofing).
364
365  We recommend that you publish your KDC information through DNS even
366  if you intend to rely on config files at your own site; otherwise,
367  sites that wish to communicate with you will have to keep their
368  config files updated with your information.  One of the goals of
369  this code is to reduce the client-side configuration maintenance
370  requirements as much as is possible, without compromising security.
371
372  See the administrator's guide for information on setting up DNS
373  information for your realm.
374
375  One important effect of this for developers is that on many systems,
376  "-lresolv" must be added to the compiler command line when linking
377  Kerberos programs.
378
379  Configure-time options are available to control the inclusion of the
380  DNS code and the setting of the defaults.  Entries in krb5.conf will
381  also modify the behavior if the code has been compiled in.
382
383* Numerous buffer-overrun problems have been found and fixed.  Many of
384  these were in locations we don't expect can be exploited in any
385  useful way (for example, overrunning a buffer of MAXPATHLEN bytes if
386  a compiled-in pathname is too long, in a program that has no special
387  privileges).  It may be possible to exploit a few of these to
388  compromise system security.
389
390* Partial support for IPv6 addresses has been added.  It can be
391  enabled or disabled at configure time with --enable-ipv6 or
392  --disable-ipv6; by default, the configure script will search for
393  certain types and macros, and enable the IPv6 code if they're found.
394  The IPv6 support at this time mostly consists of including the
395  addresses in credentials.
396
397* A protocol change has been made to the "rcmd" suite (rlogin, rsh,
398  rcp) to address several security problems described in Kris
399  Hildrum's paper presented at NDSS 2000.  New command-line options
400  have been added to control the selection of protocol, since the
401  revised protocol is not compatible with the old one.
402
403* A security problem in login.krb5 has been fixed.  This problem was
404  only present if the krb4 compatibility code was not compiled in.
405
406* A security problem with ftpd has been fixed.  An error in the in the
407  yacc grammar permitted potential root access.
408
409* The client programs kinit, klist and kdestroy have been changed to
410  incorporate krb4 support.  New command-line options control whether
411  krb4 behavior, krb5 behavior, or both are used.
412
413* Patches from Frank Cusack for much better hardware preauth support
414  have been incorporated.
415
416* Patches from Matt Crawford extend the kadmin ACL syntax so that
417  restrictions can be imposed on what certain administrators may do to
418  certain accounts.
419
420* A KDC on a host with multiple network addresses will now respond to
421  a client from the address that the client used to contact it.  The
422  means used to implement this will however cause the KDC not to
423  listen on network addresses configured after the KDC has started.
424
425Minor changes
426-------------
427
428* The shell code for searching for the Tcl package at configure time
429  has been modified.  If a tclConfig.sh can be found, the information
430  it contains is used, otherwise the old searching method is tried.
431  Let us know if this new scheme causes any problems.
432
433* Shared library builds may work on HPUX, Rhapsody/MacOS X, and newer
434  Alpha systems now.
435
436* The Windows build will now include kvno and gss-sample.
437
438* The routine krb5_secure_config_files has been disabled.  A new
439  routine, krb5_init_secure_context, has been added in its place.
440
441* The routine decode_krb5_ticket is now being exported as
442  krb5_decode_ticket.  Any programs that used the old name (which
443  should be few) should be changed to use the new name; we will
444  probably eliminate the old name in the future.
445
446* The CCAPI-based credentials cache code has been changed to store the
447  local-clock time of issue and expiration rather than the KDC-clock
448  times.
449
450* On systems with large numbers of IP addresses, "kinit" should do a
451  better job of acquiring those addresses to put in the user's
452  credentials.
453
454* Several memory leaks in error cases in the gssrpc code have been
455  fixed.
456
457* A bug with login clobbering some internal static storage on AIX has
458  been fixed.
459
460* Per-library initialization and cleanup functions have been added,
461  for use in configurations that dynamically load and unload these
462  libraries.
463
464* Many compile-time warnings have been fixed.
465
466* The GSS sample programs have been updated to exercise more of the
467  API.
468
469* The telnet server should produce a more meaningful error message if
470  authentication is required but not provided.
471
472* Changes have been made to ksu to make it more difficult to use it to
473  leak information the user does not have access to.
474
475* The sample config file information for the CYGNUS.COM realm has been
476  updated, and the GNU.ORG realm has been added.
477
478* A configure-time option has been added to enable a replay cache in
479  the KDC.  We recommend its use when hardware preauthentication is
480  being used.  It is enabled by default, and can be disabled if
481  desired with the configure-time option --disable-kdc-replay-cache.
482
483* Some new routines have been added to the library and krb5.h.
484
485* A new routine has been added to the prompter interface to allow the
486  application to determine which of the strings prompted for is the
487  user's password, in case it is needed for other purposes.
488
489* The remote kadmin interface has been enhanced to support the
490  specification of key/salt types for a principal.
491
492* New keytab entries' key values can now be specified manually with a
493  new command in the ktutil program.
494
495* A longstanding bug where certain krb4 exchanges using the
496  compatibility library between systems with different byte orders
497  would fail half the time has been fixed.
498
499* A source file under the GPL has been replaced with an equivalent
500  under the BSD license.  The file, strftime.c, was part of one of the
501  OpenVision admin system applications, and was only used on systems
502  that don't have strftime() in their C libraries.
503
504* Many bug reports are still outstanding in our database.  We are
505  continuing to work on this backlog.
506
507
508Copyright Notice and Legal Administrivia
509----------------------------------------
510
511Copyright (C) 1985-2001 by the Massachusetts Institute of Technology.
512
513All rights reserved.
514
515Export of this software from the United States of America may require
516a specific license from the United States Government.  It is the
517responsibility of any person or organization contemplating export to
518obtain such a license before exporting.
519
520WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
521distribute this software and its documentation for any purpose and
522without fee is hereby granted, provided that the above copyright
523notice appear in all copies and that both that copyright notice and
524this permission notice appear in supporting documentation, and that
525the name of M.I.T. not be used in advertising or publicity pertaining
526to distribution of the software without specific, written prior
527permission.  Furthermore if you modify this software you must label
528your software as modified software and not distribute it in such a
529fashion that it might be confused with the original MIT software.
530M.I.T. makes no representations about the suitability of this software
531for any purpose.  It is provided "as is" without express or implied
532warranty.
533
534THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
535IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
536WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
537
538Individual source code files are copyright MIT, Cygnus Support,
539OpenVision, Oracle, Sun Soft, FundsXpress, and others.
540
541Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
542and Zephyr are trademarks of the Massachusetts Institute of Technology
543(MIT).  No commercial use of these trademarks may be made without
544prior written permission of MIT.
545
546"Commercial use" means use of a name in a product or other for-profit
547manner.  It does NOT prevent a commercial firm from referring to the
548MIT trademarks in order to convey information (although in doing so,
549recognition of their trademark status should be given).
550
551----
552
553The following copyright and permission notice applies to the
554OpenVision Kerberos Administration system located in kadmin/create,
555kadmin/dbutil, kadmin/passwd, kadmin/server, lib/kadm5, and portions
556of lib/rpc:
557
558   Copyright, OpenVision Technologies, Inc., 1996, All Rights Reserved
559
560   WARNING: Retrieving the OpenVision Kerberos Administration system
561   source code, as described below, indicates your acceptance of the
562   following terms.  If you do not agree to the following terms, do not
563   retrieve the OpenVision Kerberos administration system.
564
565   You may freely use and distribute the Source Code and Object Code
566   compiled from it, with or without modification, but this Source
567   Code is provided to you "AS IS" EXCLUSIVE OF ANY WARRANTY,
568   INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY OR
569   FITNESS FOR A PARTICULAR PURPOSE, OR ANY OTHER WARRANTY, WHETHER
570   EXPRESS OR IMPLIED.  IN NO EVENT WILL OPENVISION HAVE ANY LIABILITY
571   FOR ANY LOST PROFITS, LOSS OF DATA OR COSTS OF PROCUREMENT OF
572   SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR
573   CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, INCLUDING,
574   WITHOUT LIMITATION, THOSE RESULTING FROM THE USE OF THE SOURCE
575   CODE, OR THE FAILURE OF THE SOURCE CODE TO PERFORM, OR FOR ANY
576   OTHER REASON.
577
578   OpenVision retains all copyrights in the donated Source Code. OpenVision
579   also retains copyright to derivative works of the Source Code, whether
580   created by OpenVision or by a third party. The OpenVision copyright
581   notice must be preserved if derivative works are made based on the
582   donated Source Code.
583
584   OpenVision Technologies, Inc. has donated this Kerberos
585   Administration system to MIT for inclusion in the standard
586   Kerberos 5 distribution.  This donation underscores our
587   commitment to continuing Kerberos technology development
588   and our gratitude for the valuable work which has been
589   performed by MIT and the Kerberos community.
590
591----
592
593    Portions contributed by Matt Crawford <crawdad@fnal.gov> were
594    work performed at Fermi National Accelerator Laboratory, which is
595    operated by Universities Research Association, Inc., under
596    contract DE-AC02-76CHO3000 with the U.S. Department of Energy.
597
598Acknowledgements
599----------------
600
601Appreciation Time!!!!  There are far too many people to try to thank
602them all; many people have contributed to the development of Kerberos
603V5.  This is only a partial listing....
604
605Thanks to Paul Vixie and the Internet Software Consortium for funding
606the work of Barry Jaspan.  This funding was invaluable for the OV
607administration server integration, as well as the 1.0 release
608preparation process.
609
610Thanks to John Linn, Scott Foote, and all of the folks at OpenVision
611Technologies, Inc., who donated their administration server for use in
612the MIT release of Kerberos.
613
614Thanks to Jeff Bigler, Mark Eichin, Marc Horowitz, Nancy Gilman, Ken
615Raeburn, and all of the folks at Cygnus Support, who provided
616innumerable bug fixes and portability enhancements to the Kerberos V5
617tree.  Thanks especially to Jeff Bigler, for the new user and system
618administrator's documentation.
619
620Thanks to Doug Engert from ANL for providing many bug fixes, as well
621as testing to ensure DCE interoperability.
622
623Thanks to Ken Hornstein at NRL for providing many bug fixes and
624suggestions.
625
626Thanks to Matt Crawford at FNAL for bugfixes and enhancements.
627
628Thanks to Sean Mullan and Bill Sommerfeld from Hewlett Packard for
629their many suggestions and bug fixes.
630
631Thanks to Nalin Dahyabhai of RedHat and Chris Evans for locating and
632providing patches for numerous buffer overruns.
633
634Thanks to Christopher Thompson and Marcus Watts for discovering the
635ftpd security bug.
636
637Thanks to the members of the Kerberos V5 development team at MIT, both
638past and present: Danilo Almeida, Jay Berkenbilt, Richard Basch, Mitch
639Berger, John Carr, Don Davis, Alexandra Ellwood, Nancy Gilman, Matt
640Hancher, Sam Hartman, Paul Hill, Marc Horowitz, Eva Jacobus, Miroslav
641Jurisic, Barry Jaspan, Geoffrey King, John Kohl, Peter Litwack, Scott
642McGuire, Kevin Mitchell, Cliff Neuman, Paul Park, Ezra Peisach, Chris
643Provenzano, Ken Raeburn, Jon Rochlis, Jeff Schiller, Jen Selby, Brad
644Thompson, Harry Tsai, Ted Ts'o, Marshall Vale, Tom Yu.
Note: See TracBrowser for help on using the repository browser.