logo_kerberos.gif

Release 1.13

From K5Wiki
Revision as of 13:02, 11 March 2014 by TomYu (talk | contribs) (Administrator experience)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Timeline

This is only an approximate timeline. Dates are subject to change.

  • Aug. 2014 -- make release branch
  • Oct. 2014 -- final release

Code quality

  • Additional KDC refactoring

Developer experience

End-user experience

  • Reduce DNS-related difficulties with service principal names
    • Config to disable client service principal canonicalization

Administrator experience

Performance

Protocol evolution

  • Projects/HTTP Transport
  • Ticket flag to signal KDC support for resolving aliases
  • Authorization data -- conditional on IETF consensus
    • Authorization data container with multiple verifiers (CAMMAC)
    • POSIX directory info in authorization data (PAD)
    • Level of Assurance in authorization data
    • Site-defined string-keyed claims in authorization data
    • X.509 attributes in authorization data
  • FAST preauth sets (e.g. OTP + long-term password)