logo_kerberos.gif

Difference between revisions of "Release 1.8"

From K5Wiki
Jump to: navigation, search
(Modularity)
Line 21: Line 21:
 
* [[Projects/Crypto_modularity|Crypto modularity]]
 
* [[Projects/Crypto_modularity|Crypto modularity]]
 
* Move toward improved KDB interface
 
* Move toward improved KDB interface
* Improved API for verifying and interrogating authorization data
+
* Improved API for [[Projects/VerifyAuthData|verifying and interrogating authorization data]]
   
 
== Performance ==
 
== Performance ==
   
 
* Investigate and remedy repeatedly-reported performance bottlenecks.
 
* Investigate and remedy repeatedly-reported performance bottlenecks.
* Enhancements to improve concurrency
 
  +
* [[Projects/Encryption performance|Encryption performance]]
** Explicit state
 
** Reduce mutex contention
 
** Support asynchronous APIs and frameworks such as Apple's Grand Central Dispatch; begin refactoring code to make this easier
 
   
 
== End-user experience ==
 
== End-user experience ==
Line 38: Line 35:
 
== Administrator experience ==
 
== Administrator experience ==
   
* More versatile crypto configuration, to simplify migration away from DES
 
  +
* Disable DES by default (1.8)
 
* More versatile [[Projects/Enctype_config_enhancements|crypto configuration]], to simplify migration away from DES
  +
* [[Projects/Lockout|Lockout]] for repeated login failures
  +
* [[Projects/Trace logging|Trace logging]] for easier troubleshooting
   
 
== Protocol evolution ==
 
== Protocol evolution ==

Revision as of 20:42, 14 September 2009

This is the preliminary proposed goal set for the krb5-1.8 release. Please provide comments on the krbdev list. This page organizes the goals by the "guiding principles" listed in the roadmap.

Timeline

This is only an approximate timeline.

  • 2009-09-14 -- "halfway point" feature and integration test
  • 2010-01-04 -- make release branch
  • 2010-03-01 -- final release

Code quality

Modularity

Performance

End-user experience

  • Reduce DNS dependence
    • Love's ccache auxiliary data proposal allows client library to track whether a KDC supports service principal referrals.

Administrator experience

Protocol evolution

  • FAST enhancements
  • Anonymous PKINIT
  • S4U2Self/S4U2Proxy