Difference between revisions of "Release 1.7"
| Line 13: | Line 13: | ||
[[Projects/FAST]] |
[[Projects/FAST]] |
||
FAST is a pre-authentication framework for Kerberos. It includes a mechanism for tunneling pre-authentication exchanges using armoured KDC messages. FAST provides increased resistance to passive password guessing attacks. |
FAST is a pre-authentication framework for Kerberos. It includes a mechanism for tunneling pre-authentication exchanges using armoured KDC messages. FAST provides increased resistance to passive password guessing attacks. |
||
| + | |||
[[Projects/GSSAPI DCE]] |
[[Projects/GSSAPI DCE]] |
||
| + | The GSS-API DCE project proposes to add functionality found in SSPI to MIT Kerberos; this functionality includes support for AEAD and support sufficient to implement DCE RPC on top of MIT Kerberos. This project depends on and is a companion to Projects/AEAD encryption API. |
||
| + | |||
[[Projects/Master Key Migration]] |
[[Projects/Master Key Migration]] |
||
[[Projects/Masterkey Keytab Stash]] |
[[Projects/Masterkey Keytab Stash]] |
||
Revision as of 08:53, 21 November 2009
Projects/AEAD encryption API
The Microsoft SSPI provides an interface for in-place encryption of messages (see MS-KILE section 3.4.5.4ff). This interface also permits additional data to be included in the checksum generated to protect integrity. Such a facility is called authenticated encryption with additional data (AEAD). The SSPI works at the GSS-API layer, rather than the raw Kerberos layer.
This project proposes to extend the raw Kerberos cryptographic API (krb5_c_*) in order to make it possible to implement these SSPI facilities in an extension to the GSS-API. The ultimate consumer of these applications is typically DCE-style RPC, although the facilities could be used by other applications.
Projects/Aliases
This project proposes to add two features. The first is support for Unicode principal names and case insensitive principal search. The goal of this project is to get behavior more similar to Microsoft and to search for principals in a manner that supports international use somewhat better. This includes case insensitive search and support for ignoring accents in search.
Protocol extensions for general internationalization or character set conversion are specifically out of scope. The second feature is generalized support for name canonicalization and server principal aliases.
Projects/FAST
FAST is a pre-authentication framework for Kerberos. It includes a mechanism for tunneling pre-authentication exchanges using armoured KDC messages. FAST provides increased resistance to passive password guessing attacks.
Projects/GSSAPI DCE
The GSS-API DCE project proposes to add functionality found in SSPI to MIT Kerberos; this functionality includes support for AEAD and support sufficient to implement DCE RPC on top of MIT Kerberos. This project depends on and is a companion to Projects/AEAD encryption API.
Projects/Master Key Migration Projects/Masterkey Keytab Stash Projects/PAC and principal APIs Projects/RFC 3244 Projects/RFC 4537 Projects/Remove krb4 Projects/VerifyAuthData Projects/domain realm referrals Projects/replay cache collision avoidance
