Difference between revisions of "Release 1.8"
From K5Wiki
(→Modularity) |
|||
| Line 21: | Line 21: | ||
* [[Projects/Crypto_modularity|Crypto modularity]] |
* [[Projects/Crypto_modularity|Crypto modularity]] |
||
* Move toward improved KDB interface |
* Move toward improved KDB interface |
||
| − | * Improved API for verifying and interrogating authorization data |
+ | * Improved API for [[Projects/VerifyAuthData|verifying and interrogating authorization data]] |
== Performance == |
== Performance == |
||
* Investigate and remedy repeatedly-reported performance bottlenecks. |
* Investigate and remedy repeatedly-reported performance bottlenecks. |
||
| − | * Enhancements to improve concurrency |
||
| + | * [[Projects/Encryption performance|Encryption performance]] |
||
| − | ** Explicit state |
||
| − | ** Reduce mutex contention |
||
| − | ** Support asynchronous APIs and frameworks such as Apple's Grand Central Dispatch; begin refactoring code to make this easier |
||
== End-user experience == |
== End-user experience == |
||
| Line 38: | Line 35: | ||
== Administrator experience == |
== Administrator experience == |
||
| ⚫ | |||
| + | * Disable DES by default (1.8) |
||
| ⚫ | |||
| + | * [[Projects/Lockout|Lockout]] for repeated login failures |
||
| + | * [[Projects/Trace logging|Trace logging]] for easier troubleshooting |
||
== Protocol evolution == |
== Protocol evolution == |
||
Revision as of 19:42, 14 September 2009
This is the preliminary proposed goal set for the krb5-1.8 release. Please provide comments on the krbdev list. This page organizes the goals by the "guiding principles" listed in the roadmap.
Contents
Timeline
This is only an approximate timeline.
- 2009-09-14 -- "halfway point" feature and integration test
- 2010-01-04 -- make release branch
- 2010-03-01 -- final release
Code quality
- Move toward test-driven development
- Increase conformance to coding style
- See Coding style/Transition strategies
- "The great reindent"?
- Selective refactoring
Modularity
- Crypto modularity
- Move toward improved KDB interface
- Improved API for verifying and interrogating authorization data
Performance
- Investigate and remedy repeatedly-reported performance bottlenecks.
- Encryption performance
End-user experience
- Reduce DNS dependence
- Love's ccache auxiliary data proposal allows client library to track whether a KDC supports service principal referrals.
Administrator experience
- Disable DES by default (1.8)
- More versatile crypto configuration, to simplify migration away from DES
- Lockout for repeated login failures
- Trace logging for easier troubleshooting
Protocol evolution
- FAST enhancements
- Anonymous PKINIT
- S4U2Self/S4U2Proxy
