logo_kerberos.gif

Release 1.11

From K5Wiki
(Difference between revisions)
Jump to: navigation, search
 
(9 intermediate revisions by one user not shown)
Line 13: Line 13:
 
== Developer experience ==
 
== Developer experience ==
   
* Use default keytab for gss_init_sec_context when available
+
* [[Projects/APIs_for_keytab_and_cccol_content]]
* Importing and exporting of GSS creds (useful for async GSS proxy) -- expecting contribution
+
* [[Projects/Keytab_initiation]] -- Use default keytab for gss_init_sec_context when available (done)
* Interposition for GSS mechglue
+
* [[Projects/Export_import_cred]] -- Importing and exporting of GSS creds (useful for async GSS proxy) (done)
  +
* [[Projects/Input_CCache]]
  +
* [[Projects/Interposer_Mechanism]]
  +
* [[Projects/Responder]]
  +
* [[Projects/Password_response_item]]
 
* Documentation consolidation
 
* Documentation consolidation
   
Line 21: Line 21:
   
 
* Documentation consolidation
 
* Documentation consolidation
  +
* [[Projects/Credential_Store_extensions]] -- Store metadata in the ccache about how a credential was acquired, to improve the user's experience when reacquiring (expecting contribution)
  +
* [[Projects/Extensible_Policy]]
  +
* Support distinct client time offsets per realm (expecting contribution)
   
 
== Administrator experience ==
 
== Administrator experience ==
   
* [[Projects/Trust KDC-local name resolution]]
+
* [[Projects/Keytab_ccache_name_parameters]] -- Add parameterized substitution for default keytab and ccache names
  +
* [[Projects/Keytab_initiation]] -- Use default keytab for gss_init_sec_context when available (done)
 
* FAST OTP client in libkrb5 (maybe excluding second-level plugins hardware OTP tokens)
 
* FAST OTP client in libkrb5 (maybe excluding second-level plugins hardware OTP tokens)
 
* Documentation consolidation
 
* Documentation consolidation
Line 30: Line 33:
 
== Performance ==
 
== Performance ==
   
* Improve (or eliminate) KDC lookaside cache
+
* Improve (or eliminate) KDC lookaside cache (done)
   
 
== Protocol evolution ==
 
== Protocol evolution ==
   
* Authorization data container with multiple verifiers
+
* Enable Camellia encryption
* POSIX directory info in authorization data (PAD)
 
* Level of Assurance in authorization data
 
* Site-defined string-keyed claims in authorization data
 
* X.509 attributes in authorization data
 
* FAST preauth sets (e.g. OTP + long-term password)
 

Latest revision as of 12:49, 2 November 2012

Contents

[edit] Timeline

This is only an approximate timeline. Dates are subject to change.

  • Oct. 2012 -- make release branch
  • Dec. 2012 -- final release

[edit] Code quality

[edit] Developer experience

[edit] End-user experience

[edit] Administrator experience

  • Projects/Keytab_ccache_name_parameters -- Add parameterized substitution for default keytab and ccache names
  • Projects/Keytab_initiation -- Use default keytab for gss_init_sec_context when available (done)
  • FAST OTP client in libkrb5 (maybe excluding second-level plugins hardware OTP tokens)
  • Documentation consolidation

[edit] Performance

  • Improve (or eliminate) KDC lookaside cache (done)

[edit] Protocol evolution

  • Enable Camellia encryption
Personal tools