logo_kerberos.gif

Difference between revisions of "Release 1.12"

From K5Wiki
Jump to: navigation, search
(New page: == Timeline == This is only an approximate timeline. Dates are subject to change. * Oct. 2013 -- make release branch * Dec. 2013 -- final release == Code quality == == Developer experi...)
 
Line 7: Line 7:
   
 
== Code quality ==
 
== Code quality ==
  +
  +
* Additional KDC refactoring
   
 
== Developer experience ==
 
== Developer experience ==
  +
  +
* [[Projects/Local authentication pluggable interface]]
  +
* Make progress toward [[Projects/Kernel-friendly_GSS_subset]]
   
 
== End-user experience ==
 
== End-user experience ==
  +
  +
* Reduce DNS-related difficulties with service principal names
   
 
== Administrator experience ==
 
== Administrator experience ==
   
 
* [[Projects/Trust_KDC-local_name_resolution]]
 
* [[Projects/Trust_KDC-local_name_resolution]]
  +
* [[Projects/Policy refcount elimination]]
  +
* [[Projects/OTPOverRADIUS]]
   
 
== Performance ==
 
== Performance ==
  +
  +
* AES-NI support for built-in crypto back end
   
 
== Protocol evolution ==
 
== Protocol evolution ==
   
  +
* Ticket flag to signal KDC support for resolving aliases
 
* Authorization data -- conditional on IETF consensus
 
* Authorization data -- conditional on IETF consensus
 
** Authorization data container with multiple verifiers (CAMMAC)
 
** Authorization data container with multiple verifiers (CAMMAC)

Revision as of 15:09, 8 April 2013

Timeline

This is only an approximate timeline. Dates are subject to change.

  • Oct. 2013 -- make release branch
  • Dec. 2013 -- final release

Code quality

  • Additional KDC refactoring

Developer experience

End-user experience

  • Reduce DNS-related difficulties with service principal names

Administrator experience

Performance

  • AES-NI support for built-in crypto back end

Protocol evolution

  • Ticket flag to signal KDC support for resolving aliases
  • Authorization data -- conditional on IETF consensus
    • Authorization data container with multiple verifiers (CAMMAC)
    • POSIX directory info in authorization data (PAD)
    • Level of Assurance in authorization data
    • Site-defined string-keyed claims in authorization data
    • X.509 attributes in authorization data
  • FAST preauth sets (e.g. OTP + long-term password)