logo_kerberos.gif

Difference between revisions of "Release 1.8"

From K5Wiki
Jump to: navigation, search
(Protocol evolution)
 
(4 intermediate revisions by 2 users not shown)
Line 1: Line 1:
This is the preliminary proposed goal set for the '''krb5-1.8 release'''. Please provide comments on the krbdev list. This page organizes the goals by the "guiding principles" listed in the [[Roadmap|roadmap]].
+
This is the feature set for the '''krb5-1.8 release'''. This page organizes the goals by the "guiding principles" listed in the [[Roadmap|roadmap]].
   
 
== Timeline ==
 
== Timeline ==
Line 14: Line 14:
 
* Increase conformance to coding style
 
* Increase conformance to coding style
 
** See [[Coding style/Transition strategies]]
 
** See [[Coding style/Transition strategies]]
** "The great reindent"?
+
** "[[Coding style/Reindenting|The great reindent]]"
 
** Selective refactoring
 
** Selective refactoring
   
Line 38: Line 38:
 
* More versatile [[Projects/Enctype_config_enhancements|crypto configuration]], to simplify migration away from DES
 
* More versatile [[Projects/Enctype_config_enhancements|crypto configuration]], to simplify migration away from DES
 
* [[Projects/Lockout|Lockout]] for repeated login failures
 
* [[Projects/Lockout|Lockout]] for repeated login failures
* [[Projects/Trace logging|Trace logging]] for easier troubleshooting
 
  +
* [[Projects/HDBBridge|HDBBridge]] so an MIT KDC can read a Heimdal database
   
 
== Protocol evolution ==
 
== Protocol evolution ==
   
* FAST enhancements
+
* [[Projects/Fast negotiation|FAST enhancements]]
 
* [[Projects/Services4User| S4U2Self/S4U2Proxy]]
 
* [[Projects/Services4User| S4U2Self/S4U2Proxy]]
 
* [[Projects/Anonymous pkinit | Anonymous PKINIT]]
 
* [[Projects/Anonymous pkinit | Anonymous PKINIT]]

Latest revision as of 16:48, 3 March 2010

This is the feature set for the krb5-1.8 release. This page organizes the goals by the "guiding principles" listed in the roadmap.

Timeline

This is only an approximate timeline.

  • 2009-10-06 -- "halfway point" feature and integration test
  • 2010-01-04 -- make release branch
  • 2010-03-01 -- final release

Code quality

Modularity

Performance

End-user experience

  • Reduce DNS dependence
    • Love's ccache auxiliary data proposal allows client library to track whether a KDC supports service principal referrals.

Administrator experience

  • Disable DES by default (1.8)
  • More versatile crypto configuration, to simplify migration away from DES
  • Lockout for repeated login failures
  • HDBBridge so an MIT KDC can read a Heimdal database

Protocol evolution