Release 1.10
Revision as of 15:06, 24 January 2012 by TomYu (some update from krb5-1.10 README)
Timeline
This is only an approximate timeline.
- Oct. 2011 -- make release branch
- Dec. 2011 -- final release
Code quality
- Update the Fortuna implementation to more accurately implement the description in Cryptography Engineering, and make it the default PRNG.
- Add an alternative PRNG that relies on the OS native PRNG.
Developer experience
- Add the ability for GSSAPI servers to use any keytab key for a specified service, if the server specifies a host-based name with no hostname component.
- Kernel / user split (for NFS, etc.): Add build infrastructure demonstrating and testing a message-processing subset of the gss-krb5 mechanism suitable for kernel filesystems.
- Allow rd_safe and rd_priv to ignore the remote address.
- Rework KDC and kadmind networking code to use an event loop architecture.
- Improve API documentation: Create documentation for the libkrb5 API.
- Pluggable configuration back-end: Allow applications and integrators to override krb5.conf as the source of krb5 configuration data.
Performance
End-user experience
- Localization: Create infrastructure for localization of client user interface messages using gettext.
- Credential selection: Add a facility to select between credentials for different Kerberos identities based on the service being contacted. (This will be confirmed).
Administrator experience
Protocol evolution
- Referrals: Finish implementation following IETF updates.
- PKINIT hash agility: Allow PKINIT to use newer hash algorithms than SHA-1.
- Selective refactoring of KDC (to support libKDC etc.): Reorganize parts of the KDC code for improved modularity and maintainability.