Difference between revisions of "Release 1.11"
From K5Wiki
(→Code quality) |
|||
(10 intermediate revisions by the same user not shown) | |||
Line 13: | Line 13: | ||
== Developer experience == |
== Developer experience == |
||
⚫ | |||
+ | * [[Projects/APIs_for_keytab_and_cccol_content]] |
||
− | * Interposition for GSS mechglue |
||
⚫ | |||
+ | * [[Projects/Export_import_cred]] -- Importing and exporting of GSS creds (useful for async GSS proxy) (done) |
||
+ | * [[Projects/Input_CCache]] |
||
+ | * [[Projects/Interposer_Mechanism]] |
||
+ | * [[Projects/Responder]] |
||
+ | * [[Projects/Password_response_item]] |
||
* Documentation consolidation |
* Documentation consolidation |
||
− | * gss_export_cred (useful for async GSS proxy) -- expecting contribution |
||
== End-user experience == |
== End-user experience == |
||
* Documentation consolidation |
* Documentation consolidation |
||
+ | * [[Projects/Credential_Store_extensions]] -- Store metadata in the ccache about how a credential was acquired, to improve the user's experience when reacquiring (expecting contribution) |
||
+ | * [[Projects/Extensible_Policy]] |
||
+ | * Support distinct client time offsets per realm (expecting contribution) |
||
== Administrator experience == |
== Administrator experience == |
||
− | * [[Projects/Trust KDC-local name resolution]] |
||
+ | * [[Projects/Keytab_ccache_name_parameters]] -- Add parameterized substitution for default keytab and ccache names |
||
+ | * [[Projects/Keytab_initiation]] -- Use default keytab for gss_init_sec_context when available (done) |
||
* FAST OTP client in libkrb5 (maybe excluding second-level plugins hardware OTP tokens) |
* FAST OTP client in libkrb5 (maybe excluding second-level plugins hardware OTP tokens) |
||
* Documentation consolidation |
* Documentation consolidation |
||
== Performance == |
== Performance == |
||
+ | |||
+ | * Improve (or eliminate) KDC lookaside cache (done) |
||
== Protocol evolution == |
== Protocol evolution == |
||
− | * Authorization data container with multiple verifiers |
||
+ | * Enable Camellia encryption |
||
− | * POSIX directory info in authorization data (PAD) |
||
− | * Level of Assurance in authorization data |
||
− | * Site-defined string-keyed claims in authorization data |
||
− | * X.509 attributes in authorization data |
||
− | * FAST preauth sets (e.g. OTP + long-term password) |
Latest revision as of 11:49, 2 November 2012
Contents
Timeline
This is only an approximate timeline. Dates are subject to change.
- Oct. 2012 -- make release branch
- Dec. 2012 -- final release
Code quality
- Improve ASN.1 support code, making it table-driven for decoding as well as encoding (done)
- Refactor parts of KDC, to better support libKDC and Projects/Trust KDC-local name resolution
Developer experience
- Projects/APIs_for_keytab_and_cccol_content
- Projects/Keytab_initiation -- Use default keytab for gss_init_sec_context when available (done)
- Projects/Export_import_cred -- Importing and exporting of GSS creds (useful for async GSS proxy) (done)
- Projects/Input_CCache
- Projects/Interposer_Mechanism
- Projects/Responder
- Projects/Password_response_item
- Documentation consolidation
End-user experience
- Documentation consolidation
- Projects/Credential_Store_extensions -- Store metadata in the ccache about how a credential was acquired, to improve the user's experience when reacquiring (expecting contribution)
- Projects/Extensible_Policy
- Support distinct client time offsets per realm (expecting contribution)
Administrator experience
- Projects/Keytab_ccache_name_parameters -- Add parameterized substitution for default keytab and ccache names
- Projects/Keytab_initiation -- Use default keytab for gss_init_sec_context when available (done)
- FAST OTP client in libkrb5 (maybe excluding second-level plugins hardware OTP tokens)
- Documentation consolidation
Performance
- Improve (or eliminate) KDC lookaside cache (done)
Protocol evolution
- Enable Camellia encryption