logo_kerberos.gif

Release 1.11

From K5Wiki
(Difference between revisions)
Jump to: navigation, search
Line 15: Line 15:
 
* Use default keytab for gss_init_sec_context when available
 
* Use default keytab for gss_init_sec_context when available
 
* Importing and exporting of GSS creds (useful for async GSS proxy) -- expecting contribution
 
* Importing and exporting of GSS creds (useful for async GSS proxy) -- expecting contribution
* Interposition for GSS mechglue
 
 
* Documentation consolidation
 
* Documentation consolidation
   
Line 34: Line 33:
 
== Protocol evolution ==
 
== Protocol evolution ==
   
* Authorization data container with multiple verifiers
+
* Authorization data -- conditional on IETF consensus
* POSIX directory info in authorization data (PAD)
+
** Authorization data container with multiple verifiers (CAMMAC)
* Level of Assurance in authorization data
+
** POSIX directory info in authorization data (PAD)
* Site-defined string-keyed claims in authorization data
+
** Level of Assurance in authorization data
* X.509 attributes in authorization data
+
** Site-defined string-keyed claims in authorization data
  +
** X.509 attributes in authorization data
 
* FAST preauth sets (e.g. OTP + long-term password)
 
* FAST preauth sets (e.g. OTP + long-term password)

Revision as of 21:58, 23 April 2012

Contents

Timeline

This is only an approximate timeline. Dates are subject to change.

  • Oct. 2012 -- make release branch
  • Dec. 2012 -- final release

Code quality

Developer experience

  • Use default keytab for gss_init_sec_context when available
  • Importing and exporting of GSS creds (useful for async GSS proxy) -- expecting contribution
  • Documentation consolidation

End-user experience

  • Documentation consolidation

Administrator experience

Performance

  • Improve (or eliminate) KDC lookaside cache

Protocol evolution

  • Authorization data -- conditional on IETF consensus
    • Authorization data container with multiple verifiers (CAMMAC)
    • POSIX directory info in authorization data (PAD)
    • Level of Assurance in authorization data
    • Site-defined string-keyed claims in authorization data
    • X.509 attributes in authorization data
  • FAST preauth sets (e.g. OTP + long-term password)
Personal tools