Difference between revisions of "Release 1.10"
From K5Wiki
(rough draft) |
(5 intermediate revisions by 3 users not shown) | |||
Line 3: | Line 3: | ||
This is only an approximate timeline. |
This is only an approximate timeline. |
||
− | * |
+ | * Oct. 2011 -- make release branch |
− | * |
+ | * Jan. 2012 -- final release |
− | == |
+ | == Code quality == |
− | * Kernel / user split (for NFS, etc.) |
||
+ | * Update the Fortuna implementation to more accurately implement the description in ''Cryptography Engineering'', and make it the default PRNG. |
||
− | * Localization |
||
+ | * Add an alternative PRNG that relies on the OS native PRNG. |
||
− | * Improve API documentation |
||
+ | |||
− | * Credential selection |
||
+ | == Developer experience == |
||
− | * Referrals |
||
+ | |||
− | * PKINIT hash agility |
||
+ | * Add the ability for GSSAPI servers to use any keytab key for a specified service, if the server specifies a host-based name with no hostname component. |
||
+ | * Kernel / user split (for NFS, etc.): Add build infrastructure demonstrating and testing a message-processing subset of the gss-krb5 mechanism suitable for kernel filesystems. |
||
+ | * Allow rd_safe and rd_priv to ignore the remote address. |
||
+ | * Rework KDC and kadmind networking code to use an event loop architecture. |
||
+ | * Pluggable configuration back-end: Allow applications and integrators to override krb5.conf as the source of krb5 configuration data. |
||
+ | |||
+ | == End-user experience == |
||
+ | * Localization: Create infrastructure for localization of client user interface messages using gettext. |
||
+ | * Credential selection: Add a facility to select between credentials for different Kerberos identities based on the service being contacted. (This will be confirmed). |
||
+ | |||
+ | == Administrator experience == |
||
+ | |||
+ | * Add more complete support for renaming principals. |
||
+ | * Add the profile variable ignore_acceptor_hostname in libdefaults. If set, GSSAPI will ignore the hostname component of acceptor names supplied by the server, allowing any keytab key matching the service to be used. |
||
+ | * Add support for string attributes on principal entries. |
||
+ | * Allow password changes to work over NATs. |
||
+ | |||
+ | == Protocol evolution == |
||
+ | |||
+ | * Referrals: Finish implementation following IETF updates. |
||
+ | * PKINIT hash agility: Allow PKINIT to use newer hash algorithms than SHA-1. |
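Review bot: The removed item "Improve API documentation" has no counterpart on the new side, while the other removed items (Kernel / user split, Localization, Credential selection, Referrals, PKINIT hash agility) all reappear with descriptions. Either restore it under "Developer experience" or say in the edit summary that it was dropped from the 1.10 goals. Separately, the behaviour of letting GSSAPI servers use any keytab key for a service appears twice, once under "Developer experience" and once as ignore_acceptor_hostname under "Administrator experience"; a cross-reference between the two bullets would make clear whether they describe one feature or two.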
Latest revision as of 16:55, 27 January 2012
Timeline
This is only an approximate timeline.
- Oct. 2011 -- make release branch
- Jan. 2012 -- final release
Code quality
- Update the Fortuna implementation to more accurately implement the description in Cryptography Engineering, and make it the default PRNG.
- Add an alternative PRNG that relies on the OS native PRNG.
Developer experience
- Add the ability for GSSAPI servers to use any keytab key for a specified service, if the server specifies a host-based name with no hostname component.
- Kernel / user split (for NFS, etc.): Add build infrastructure demonstrating and testing a message-processing subset of the gss-krb5 mechanism suitable for kernel filesystems.
- Allow rd_safe and rd_priv to ignore the remote address.
- Rework KDC and kadmind networking code to use an event loop architecture.
- Pluggable configuration back-end: Allow applications and integrators to override krb5.conf as the source of krb5 configuration data.
End-user experience
- Localization: Create infrastructure for localization of client user interface messages using gettext.
- Credential selection: Add a facility to select between credentials for different Kerberos identities based on the service being contacted. (This will be confirmed).
Administrator experience
- Add more complete support for renaming principals.
- Add the profile variable ignore_acceptor_hostname in libdefaults. If set, GSSAPI will ignore the hostname component of acceptor names supplied by the server, allowing any keytab key matching the service to be used.
- Add support for string attributes on principal entries.
- Allow password changes to work over NATs.
Protocol evolution
- Referrals: Finish implementation following IETF updates.
- PKINIT hash agility: Allow PKINIT to use newer hash algorithms than SHA-1.