Difference between revisions of "Release 1.11"
From K5Wiki
(4 intermediate revisions by the same user not shown) | |||
Line 16: | Line 16: | ||
* [[Projects/Keytab_initiation]] -- Use default keytab for gss_init_sec_context when available (done) |
* [[Projects/Keytab_initiation]] -- Use default keytab for gss_init_sec_context when available (done) |
||
* [[Projects/Export_import_cred]] -- Importing and exporting of GSS creds (useful for async GSS proxy) (done) |
* [[Projects/Export_import_cred]] -- Importing and exporting of GSS creds (useful for async GSS proxy) (done) |
||
+ | * [[Projects/Input_CCache]] |
||
* [[Projects/Interposer_Mechanism]] |
* [[Projects/Interposer_Mechanism]] |
||
* [[Projects/Responder]] |
* [[Projects/Responder]] |
||
Line 30: | Line 31: | ||
== Administrator experience == |
== Administrator experience == |
||
− | * [[Projects/Keytab_ccache_name_parameters]] |
+ | * [[Projects/Keytab_ccache_name_parameters]] -- Add parameterized substitution for default keytab and ccache names |
+ | * [[Projects/Keytab_initiation]] -- Use default keytab for gss_init_sec_context when available (done) |
||
* FAST OTP client in libkrb5 (maybe excluding second-level plugins hardware OTP tokens) |
* FAST OTP client in libkrb5 (maybe excluding second-level plugins hardware OTP tokens) |
||
* Documentation consolidation |
* Documentation consolidation |
||
Line 40: | Line 41: | ||
== Protocol evolution == |
== Protocol evolution == |
||
− | * Authorization data -- conditional on IETF consensus |
||
+ | * Enable Camellia encryption |
||
− | ** Authorization data container with multiple verifiers (CAMMAC) |
||
− | ** POSIX directory info in authorization data (PAD) |
||
− | ** Level of Assurance in authorization data |
||
− | ** Site-defined string-keyed claims in authorization data |
||
− | ** X.509 attributes in authorization data |
||
− | * FAST preauth sets (e.g. OTP + long-term password) |
Latest revision as of 11:49, 2 November 2012
Contents
Timeline
This is only an approximate timeline. Dates are subject to change.
- Oct. 2012 -- make release branch
- Dec. 2012 -- final release
Code quality
- Improve ASN.1 support code, making it table-driven for decoding as well as encoding (done)
- Refactor parts of KDC, to better support libKDC and Projects/Trust KDC-local name resolution
Developer experience
- Projects/APIs_for_keytab_and_cccol_content
- Projects/Keytab_initiation -- Use default keytab for gss_init_sec_context when available (done)
- Projects/Export_import_cred -- Importing and exporting of GSS creds (useful for async GSS proxy) (done)
- Projects/Input_CCache
- Projects/Interposer_Mechanism
- Projects/Responder
- Projects/Password_response_item
- Documentation consolidation
End-user experience
- Documentation consolidation
- Projects/Credential_Store_extensions -- Store metadata in the ccache about how a credential was acquired, to improve the user's experience when reacquiring (expecting contribution)
- Projects/Extensible_Policy
- Support distinct client time offsets per realm (expecting contribution)
Administrator experience
- Projects/Keytab_ccache_name_parameters -- Add parameterized substitution for default keytab and ccache names
- Projects/Keytab_initiation -- Use default keytab for gss_init_sec_context when available (done)
- FAST OTP client in libkrb5 (maybe excluding second-level plugins hardware OTP tokens)
- Documentation consolidation
Performance
- Improve (or eliminate) KDC lookaside cache (done)
Protocol evolution
- Enable Camellia encryption