Difference between revisions of "Release 1.8"
From K5Wiki
(→Protocol evolution) |
|||
(15 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
− | This is the |
+ | This is the feature set for the '''krb5-1.8 release'''. This page organizes the goals by the "guiding principles" listed in the [[Roadmap|roadmap]]. |
== Timeline == |
== Timeline == |
||
Line 5: | Line 5: | ||
This is only an approximate timeline. |
This is only an approximate timeline. |
||
− | * 2009- |
+ | * 2009-10-06 -- "halfway point" feature and integration test |
* 2010-01-04 -- make release branch |
* 2010-01-04 -- make release branch |
||
* 2010-03-01 -- final release |
* 2010-03-01 -- final release |
||
Line 14: | Line 14: | ||
* Increase conformance to coding style |
* Increase conformance to coding style |
||
** See [[Coding style/Transition strategies]] |
** See [[Coding style/Transition strategies]] |
||
− | ** "The great reindent" |
+ | ** "[[Coding style/Reindenting|The great reindent]]" |
** Selective refactoring |
** Selective refactoring |
||
Line 21: | Line 21: | ||
* [[Projects/Crypto_modularity|Crypto modularity]] |
* [[Projects/Crypto_modularity|Crypto modularity]] |
||
* Move toward improved KDB interface |
* Move toward improved KDB interface |
||
+ | * Improved API for [[Projects/VerifyAuthData|verifying and interrogating authorization data]] |
||
== Performance == |
== Performance == |
||
* Investigate and remedy repeatedly-reported performance bottlenecks. |
* Investigate and remedy repeatedly-reported performance bottlenecks. |
||
− | * Enhancements to improve concurrency |
||
+ | * [[Projects/Encryption performance|Encryption performance]] |
||
− | ** Explicit state |
||
− | ** Reduce mutex contention |
||
− | ** Support asynchronous APIs and frameworks such as Apple's Grand Central Dispatch; begin refactoring code to make this easier |
||
== End-user experience == |
== End-user experience == |
||
Line 37: | Line 35: | ||
== Administrator experience == |
== Administrator experience == |
||
⚫ | |||
+ | * Disable DES by default (1.8) |
||
⚫ | |||
+ | * [[Projects/Lockout|Lockout]] for repeated login failures |
||
+ | * [[Projects/HDBBridge|HDBBridge]] so an MIT KDC can read a Heimdal database |
||
== Protocol evolution == |
== Protocol evolution == |
||
− | * FAST enhancements |
+ | * [[Projects/Fast negotiation|FAST enhancements]] |
− | * |
+ | * [[Projects/Services4User| S4U2Self/S4U2Proxy]] |
− | * |
+ | * [[Projects/Anonymous pkinit | Anonymous PKINIT]] |
Latest revision as of 15:48, 3 March 2010
This is the feature set for the krb5-1.8 release. This page organizes the goals by the "guiding principles" listed in the roadmap.
Contents
Timeline
This is only an approximate timeline.
- 2009-10-06 -- "halfway point" feature and integration test
- 2010-01-04 -- make release branch
- 2010-03-01 -- final release
Code quality
- Move toward test-driven development
- Increase conformance to coding style
- See Coding style/Transition strategies
- "The great reindent"
- Selective refactoring
Modularity
- Crypto modularity
- Move toward improved KDB interface
- Improved API for verifying and interrogating authorization data
Performance
- Investigate and remedy repeatedly-reported performance bottlenecks.
- Encryption performance
End-user experience
- Reduce DNS dependence
- Love's ccache auxiliary data proposal allows client library to track whether a KDC supports service principal referrals.
Administrator experience
- Disable DES by default (1.8)
- More versatile crypto configuration, to simplify migration away from DES
- Lockout for repeated login failures
- HDBBridge so an MIT KDC can read a Heimdal database