logo_kerberos.gif

Difference between revisions of "Release 1.8"

From K5Wiki
Jump to: navigation, search
(Protocol evolution)
 
(14 intermediate revisions by 3 users not shown)
Line 1: Line 1:
This is the preliminary proposed goal set for the '''krb5-1.8 release'''. Please provide comments on the krbdev list. This page organizes the goals by the "guiding principles" listed in the [[Roadmap|roadmap]].
+
This is the feature set for the '''krb5-1.8 release'''. This page organizes the goals by the "guiding principles" listed in the [[Roadmap|roadmap]].
   
 
== Timeline ==
 
== Timeline ==
Line 5: Line 5:
 
This is only an approximate timeline.
 
This is only an approximate timeline.
   
* 2009-09-14 -- "halfway point" feature and integration test
+
* 2009-10-06 -- "halfway point" feature and integration test
 
* 2010-01-04 -- make release branch
 
* 2010-01-04 -- make release branch
 
* 2010-03-01 -- final release
 
* 2010-03-01 -- final release
Line 14: Line 14:
 
* Increase conformance to coding style
 
* Increase conformance to coding style
 
** See [[Coding style/Transition strategies]]
 
** See [[Coding style/Transition strategies]]
** "The great reindent"?
+
** "[[Coding style/Reindenting|The great reindent]]"
 
** Selective refactoring
 
** Selective refactoring
   
Line 21: Line 21:
 
* [[Projects/Crypto_modularity|Crypto modularity]]
 
* [[Projects/Crypto_modularity|Crypto modularity]]
 
* Move toward improved KDB interface
 
* Move toward improved KDB interface
  +
* Improved API for [[Projects/VerifyAuthData|verifying and interrogating authorization data]]
   
 
== Performance ==
 
== Performance ==
   
 
* Investigate and remedy repeatedly-reported performance bottlenecks.
 
* Investigate and remedy repeatedly-reported performance bottlenecks.
* Enhancements to improve concurrency
 
  +
* [[Projects/Encryption performance|Encryption performance]]
** Explicit state
 
** Reduce mutex contention
 
** Support asynchronous APIs and frameworks such as Apple's Grand Central Dispatch; begin refactoring code to make this easier
 
   
 
== End-user experience ==
 
== End-user experience ==
Line 37: Line 35:
 
== Administrator experience ==
 
== Administrator experience ==
   
* More versatile crypto configuration, to simplify migration away from DES
 
  +
* Disable DES by default (1.8)
 
* More versatile [[Projects/Enctype_config_enhancements|crypto configuration]], to simplify migration away from DES
  +
* [[Projects/Lockout|Lockout]] for repeated login failures
  +
* [[Projects/HDBBridge|HDBBridge]] so an MIT KDC can read a Heimdal database
   
 
== Protocol evolution ==
 
== Protocol evolution ==
   
* FAST enhancements
+
* [[Projects/Fast negotiation|FAST enhancements]]
* Anonymous PKINIT
+
* [[Projects/Services4User| S4U2Self/S4U2Proxy]]
* S4U2Self/S4U2Proxy
+
* [[Projects/Anonymous pkinit | Anonymous PKINIT]]
* Improved API for verifying and interrogating authorization data
 

Latest revision as of 16:48, 3 March 2010

This is the feature set for the krb5-1.8 release. This page organizes the goals by the "guiding principles" listed in the roadmap.

Timeline

This is only an approximate timeline.

  • 2009-10-06 -- "halfway point" feature and integration test
  • 2010-01-04 -- make release branch
  • 2010-03-01 -- final release

Code quality

Modularity

Performance

End-user experience

  • Reduce DNS dependence
    • Love's ccache auxiliary data proposal allows client library to track whether a KDC supports service principal referrals.

Administrator experience

  • Disable DES by default (1.8)
  • More versatile crypto configuration, to simplify migration away from DES
  • Lockout for repeated login failures
  • HDBBridge so an MIT KDC can read a Heimdal database

Protocol evolution