Release 1.10

Timeline

This is only an approximate timeline.

Update the Fortuna implementation to more accurately implement the description in Cryptography Engineering, and make it the default PRNG.
Add an alternative PRNG that relies on the OS native PRNG.

Add the ability for GSSAPI servers to use any keytab key for a specified service, if the server specifies a host-based name with no hostname component.
Kernel / user split (for NFS, etc.): Add build infrastructure demonstrating and testing a message-processing subset of the gss-krb5 mechanism suitable for kernel filesystems.
Allow rd_safe and rd_priv to ignore the remote address.
Rework KDC and kadmind networking code to use an event loop architecture.
Pluggable configuration back-end: Allow applications and integrators to override krb5.conf as the source of krb5 configuration data.

Localization: Create infrastructure for localization of client user interface messages using gettext.
Credential selection: Add a facility to select between credentials for different Kerberos identities based on the service being contacted. (This will be confirmed).

Add more complete support for renaming principals.
Add the profile variable ignore_acceptor_hostname in libdefaults. If set, GSSAPI will ignore the hostname component of acceptor names supplied by the server, allowing any keytab key matching the service to be used.
Add support for string attributes on principal entries.
Allow password changes to work over NATs.