logo_kerberos.gif

Release 1.11

From K5Wiki
(Difference between revisions)
Jump to: navigation, search
Line 13: Line 13:
 
== Developer experience ==
 
== Developer experience ==
   
* Use default keytab for gss_init_sec_context when available (done)
+
* [[Projects/APIs_for_keytab_and_cccol_content]]
* Importing and exporting of GSS creds (useful for async GSS proxy) (done)
+
* [[Projects/Keytab_initiation]] -- Use default keytab for gss_init_sec_context when available (done)
  +
* [[Projects/Export_import_cred]] -- Importing and exporting of GSS creds (useful for async GSS proxy) (done)
  +
* [[Projects/Interposer_Mechanism]]
  +
* [[Projects/Responder]]
  +
* [[Projects/Password_response_item]]
 
* Documentation consolidation
 
* Documentation consolidation
   
Line 20: Line 20:
   
 
* Documentation consolidation
 
* Documentation consolidation
* Store metadata in the ccache about how a credential was acquired, to improve the user's experience when reacquiring (expecting contribution)
+
* [[Projects/Credential_Store_extensions]] -- Store metadata in the ccache about how a credential was acquired, to improve the user's experience when reacquiring (expecting contribution)
  +
* [[Projects/Extensible_Policy]]
 
* Support distinct client time offsets per realm (expecting contribution)
 
* Support distinct client time offsets per realm (expecting contribution)
   
 
== Administrator experience ==
 
== Administrator experience ==
   
* [[Projects/Trust KDC-local name resolution]]
+
* [[Projects/Keytab_ccache_name_parameters]]
 
* FAST OTP client in libkrb5 (maybe excluding second-level plugins hardware OTP tokens)
 
* FAST OTP client in libkrb5 (maybe excluding second-level plugins hardware OTP tokens)
 
* Documentation consolidation
 
* Documentation consolidation
Line 31: Line 31:
 
== Performance ==
 
== Performance ==
   
* Improve (or eliminate) KDC lookaside cache
+
* Improve (or eliminate) KDC lookaside cache (done)
   
 
== Protocol evolution ==
 
== Protocol evolution ==

Revision as of 17:03, 25 October 2012

Contents

Timeline

This is only an approximate timeline. Dates are subject to change.

  • Oct. 2012 -- make release branch
  • Dec. 2012 -- final release

Code quality

Developer experience

End-user experience

Administrator experience

Performance

  • Improve (or eliminate) KDC lookaside cache (done)

Protocol evolution

  • Authorization data -- conditional on IETF consensus
    • Authorization data container with multiple verifiers (CAMMAC)
    • POSIX directory info in authorization data (PAD)
    • Level of Assurance in authorization data
    • Site-defined string-keyed claims in authorization data
    • X.509 attributes in authorization data
  • FAST preauth sets (e.g. OTP + long-term password)
Personal tools