logo_kerberos.gif

Difference between revisions of "Release 1.11"

From K5Wiki
Jump to: navigation, search
(Code quality)
 
(10 intermediate revisions by the same user not shown)
Line 13: Line 13:
 
== Developer experience ==
 
== Developer experience ==
   
* Use default keytab for gss_init_sec_context
 
  +
* [[Projects/APIs_for_keytab_and_cccol_content]]
* Interposition for GSS mechglue
 
 
* [[Projects/Keytab_initiation]] -- Use default keytab for gss_init_sec_context when available (done)
  +
* [[Projects/Export_import_cred]] -- Importing and exporting of GSS creds (useful for async GSS proxy) (done)
  +
* [[Projects/Input_CCache]]
  +
* [[Projects/Interposer_Mechanism]]
  +
* [[Projects/Responder]]
  +
* [[Projects/Password_response_item]]
 
* Documentation consolidation
 
* Documentation consolidation
* gss_export_cred (useful for async GSS proxy) -- expecting contribution
 
   
 
== End-user experience ==
 
== End-user experience ==
   
 
* Documentation consolidation
 
* Documentation consolidation
  +
* [[Projects/Credential_Store_extensions]] -- Store metadata in the ccache about how a credential was acquired, to improve the user's experience when reacquiring (expecting contribution)
  +
* [[Projects/Extensible_Policy]]
  +
* Support distinct client time offsets per realm (expecting contribution)
   
 
== Administrator experience ==
 
== Administrator experience ==
   
* [[Projects/Trust KDC-local name resolution]]
 
  +
* [[Projects/Keytab_ccache_name_parameters]] -- Add parameterized substitution for default keytab and ccache names
  +
* [[Projects/Keytab_initiation]] -- Use default keytab for gss_init_sec_context when available (done)
 
* FAST OTP client in libkrb5 (maybe excluding second-level plugins hardware OTP tokens)
 
* FAST OTP client in libkrb5 (maybe excluding second-level plugins hardware OTP tokens)
 
* Documentation consolidation
 
* Documentation consolidation
   
 
== Performance ==
 
== Performance ==
  +
  +
* Improve (or eliminate) KDC lookaside cache (done)
   
 
== Protocol evolution ==
 
== Protocol evolution ==
   
* Authorization data container with multiple verifiers
 
  +
* Enable Camellia encryption
* POSIX directory info in authorization data (PAD)
 
* Level of Assurance in authorization data
 
* Site-defined string-keyed claims in authorization data
 
* X.509 attributes in authorization data
 
* FAST preauth sets (e.g. OTP + long-term password)
 

Latest revision as of 11:49, 2 November 2012

Timeline

This is only an approximate timeline. Dates are subject to change.

  • Oct. 2012 -- make release branch
  • Dec. 2012 -- final release

Code quality

Developer experience

End-user experience

Administrator experience

Performance

  • Improve (or eliminate) KDC lookaside cache (done)

Protocol evolution

  • Enable Camellia encryption