. Bug fixes
. Security
. Packaging
The upgrade patch is here:
http://www.columbia.edu/kermit/k95patch.html
Version 1.1.20 fixes the following bugs in 1.1.19:
. VT102 terminal type didn't work
. Failure to make certain Telnet connections
. LOGIN.KSC didn't work without the Dialer
. Wrapping problems with C1 characters in non-ISO-2022 character sets
. IBM 3151 character attributes didn't combine
. MAIL command did not work
. SEND ..\\*.c failed with "unreadable error"
. LOCAL and global variable name conflicts resulted in confusion
. Certain popups not disabled by -# 96 command-line option
. ANSWER 0 improperly timed out
. ANSWER fails to answer call with SET TAPI MODEM-DIALING ON
. RLOGIN Window Size reports are not sent
. Pulse dialing did not work
The following security features were added:
. Telnet Forwarding of X Windows System data via X authorized connections
. Secure Kerberos 5 user-to-user connections
. OpenSSL updated to 0.9.5a (Windows only; OS/2 still at 0.9.4)
. Support for NRL Kerberos (Windows only)
. Kerberos 5 ticket retrieval without embedded IP addresses
. New standalone command-line secure FTP client (K4, K5, SRP, SSL/TLS)
These are explained more fully below.
Kermit 95 1.1.20 will be packaged in a new and attractive slim container.
Here's a preview of the exterior (it folds twice, like a triptych):
http://www.columbia.edu/kermit/k95box.jpg
"Using C-Kermit", 2nd Edition, is still included, but now as a PDF file
rather than a printed book. Furthermore, the new C-Kermit 7.0 CDROM is
included too. The single-copy retail price has been raised from $54.00 USD
to $64.00 USD, the first increase since K95 was first released five years
ago. Bulk right-to-copy and academic site license prices remain steady.
The shrinkwrap price increase reflects increased production costs, but is
partially offset by the lower weight, which reduces shipping charges.
The PDF version of Using C-Kermit is supplied only with new 1.1.20
shrinkwraps. It is not supplied with bulk or academic site licenses or with
patches (since the publisher must be paid for each copy).
The new package (including the C-Kermit 7.0 CDROM) is in manufacturing, and
should be available for shipment in two or three weeks. The new order forms
are here:
http://www.columbia.edu/kermit/k95ofront.html
Unfortunately, we have just about run dry of 1.1.17 kits, so new orders
will have to wait until the new kits arrive.
NEW SECURITY FEATURES
All of the following items are supported in 1.1.20 only after the
latest cryptography patch has been applied (which is available only in the
USA and Canada due to USA export restrictions):
http://www.columbia.edu/kermit/k95patch.html#crypto
The cryptography patch is applied after the main patch. Third-party
libraries must be obtained separately, as noted in security.html (reference
below).
Telnet Forward-X:
Kermit 95 1.1.20 is the first secure Telnet client to implement the Telnet
Forward-X Option (Telnet Forwarding of Authorized X Windows System Session
Data over Secure Connections). From now on when Kermit 95 is used to
establish a secure connection to a Telnet Server supporting this option, all
data transmitted between X clients and X servers will be protected using the
same level of security established for the Telnet session. No longer will
you have to switch to using SSH and its weaker authentication methods simply
to maintain the privacy and integrity of your X Windows System data.
The Telnet Forward-X option:
. Can be used in conjunction with all forms of secure Telnet
connections including (but no limited to) Kerberos 4, Kerberos 5,
Secure Remote Password, and Transport Layer Security.
. Is compatible with all forms of X Authorization data. Unlike SSH
X Windows System tunneling, Telnet FORWARD-X can support strong
authorization methods such as XDM-AUTHORIZATION-1 and
MIT-KERBEROS-5.
As of this announcement, Telnet Forward-X is available in the START_TLS
Telnet for Unix distribution from Peter Runestig:
ftp://ftp.runestig.com/pub/starttls/start_tls-telnet.current.tar.gz
Telnet Forward-X will also be supported by forthcoming releases of MIT
Kerberos 5.
Kermit Secure FTP Client (Windows only):
Kermit 95 1.1.20 is the first Kermit product to provide FTP client
functionality. This pre-1.0 release is a command line only FTP client that
is designed to support all of the authentication methods supported by Kermit
95 for Telnet including: Kerberos 4, GSSAPI - Kerberos 5, Secure Remote
Password, and SSL/TLS.
Additional Kerberos 5 Features:
Kermit 95 1.1.20 is the first Kermit product to support Kerberos 5 User-to-
User authentication, allowing two Kermit users to establish secure data
connections without requiring the administrative permissions necessary to
configure a Kerberos server principal and associated keytab databases.
Kermit 95 1.1.20 is the first Kermit product compatible with the Naval
Research Labs' Kerberos 5 distribution for Windows and hardware
authentication devices such as SecureID.
Kermit 95 1.1.20 provides configuration options to remove all IP Address
information from Kerberos 5 tickets to allow those tickets to be used to
authenticate a client across a Network Address Translator.
For more information about K95's security features, see:
http://www.columbia.edu/kermit/security.html
If you have any problems with the patch or the new version, send email to:
So what next? Plans are spelled out here:
http://www.columbia.edu/kermit/k95next.html
Jeff Altman, Frank da Cruz
The Kermit Project
Columbia University
New York City