logo_kerberos.gif

Difference between revisions of "Release 1.13"

From K5Wiki
Jump to: navigation, search
(New page: == Timeline == This is only an approximate timeline. Dates are subject to change. * Oct. 2014 -- make release branch * Dec. 2014 -- final release == Code quality == * Additional KDC re...)
 
(Administrator experience)
 
(2 intermediate revisions by the same user not shown)
Line 3: Line 3:
 
This is only an approximate timeline. Dates are subject to change.
 
This is only an approximate timeline. Dates are subject to change.
   
* Oct. 2014 -- make release branch
+
* Aug. 2014 -- make release branch
* Dec. 2014 -- final release
+
* Oct. 2014 -- final release
   
 
== Code quality ==
 
== Code quality ==
Line 20: Line 20:
   
 
* [[Projects/Trust KDC-local name resolution]]
 
* [[Projects/Trust KDC-local name resolution]]
  +
* [[Projects/Improve GSSAPI mechanism configuration]]
  +
* [[Projects/LDAP SASL TLS support]]
  +
* [[Projects/Hierarchical iprop]]
   
 
== Performance ==
 
== Performance ==
Line 25: Line 28:
 
== Protocol evolution ==
 
== Protocol evolution ==
   
  +
* [[Projects/HTTP Transport]]
 
* Ticket flag to signal KDC support for resolving aliases
 
* Ticket flag to signal KDC support for resolving aliases
 
* Authorization data -- conditional on IETF consensus
 
* Authorization data -- conditional on IETF consensus

Latest revision as of 12:02, 11 March 2014

Timeline

This is only an approximate timeline. Dates are subject to change.

  • Aug. 2014 -- make release branch
  • Oct. 2014 -- final release

Code quality

  • Additional KDC refactoring

Developer experience

End-user experience

  • Reduce DNS-related difficulties with service principal names
    • Config to disable client service principal canonicalization

Administrator experience

Performance

Protocol evolution

  • Projects/HTTP Transport
  • Ticket flag to signal KDC support for resolving aliases
  • Authorization data -- conditional on IETF consensus
    • Authorization data container with multiple verifiers (CAMMAC)
    • POSIX directory info in authorization data (PAD)
    • Level of Assurance in authorization data
    • Site-defined string-keyed claims in authorization data
    • X.509 attributes in authorization data
  • FAST preauth sets (e.g. OTP + long-term password)