logo_kerberos.gif

Difference between revisions of "Release 1.8"

From K5Wiki
Jump to: navigation, search
(Protocol evolution)
(Protocol evolution)
Line 44: Line 44:
 
* Anonymous PKINIT
 
* Anonymous PKINIT
 
* S4U2Self/S4U2Proxy
 
* S4U2Self/S4U2Proxy
  +
* Improved API for verifying and interrogating authorization data

Revision as of 01:29, 25 August 2009

This is the preliminary proposed goal set for the krb5-1.8 release. Please provide comments on the krbdev list. This page organizes the goals by the "guiding principles" listed in the roadmap.

Timeline

This is only an approximate timeline.

  • 2009-09-14 -- "halfway point" feature and integration test
  • 2010-01-04 -- make release branch
  • 2010-03-01 -- final release

Code quality

Modularity

Performance

  • Investigate and remedy repeatedly-reported performance bottlenecks.
  • Enhancements to improve concurrency
    • Explicit state
    • Reduce mutex contention
    • Support asynchronous APIs and frameworks such as Apple's Grand Central Dispatch; begin refactoring code to make this easier

End-user experience

  • Reduce DNS dependence
    • Love's ccache auxiliary data proposal allows client library to track whether a KDC supports service principal referrals.

Administrator experience

  • More versatile crypto configuration, to simplify migration away from DES

Protocol evolution

  • FAST enhancements
  • Anonymous PKINIT
  • S4U2Self/S4U2Proxy
  • Improved API for verifying and interrogating authorization data