Release 1.11
From K5Wiki
Contents
Timeline
This is only an approximate timeline. Dates are subject to change.
- Oct. 2012 -- make release branch
- Dec. 2012 -- final release
Code quality
- Improve ASN.1 support code, making it table-driven for decoding as well as encoding (done)
- Refactor parts of KDC, to better support libKDC and Projects/Trust KDC-local name resolution
Developer experience
- Use default keytab for gss_init_sec_context when available (done)
- Importing and exporting of GSS creds (useful for async GSS proxy) (done)
- Documentation consolidation
End-user experience
- Documentation consolidation
- Store metadata in the ccache about how a credential was acquired, to improve the user's experience when reacquiring (expecting contribution)
- Support distinct client time offsets per realm (expecting contribution)
Administrator experience
- Projects/Trust KDC-local name resolution
- FAST OTP client in libkrb5 (maybe excluding second-level plugins hardware OTP tokens)
- Documentation consolidation
Performance
- Improve (or eliminate) KDC lookaside cache
Protocol evolution
- Authorization data -- conditional on IETF consensus
- Authorization data container with multiple verifiers (CAMMAC)
- POSIX directory info in authorization data (PAD)
- Level of Assurance in authorization data
- Site-defined string-keyed claims in authorization data
- X.509 attributes in authorization data
- FAST preauth sets (e.g. OTP + long-term password)