Difference between revisions of "Release 1.12"
From K5Wiki
| Line 18: | Line 18: | ||
* Reduce DNS-related difficulties with service principal names |
* Reduce DNS-related difficulties with service principal names |
||
| + | ** Config to disable client service principal canonicalization |
||
== Administrator experience == |
== Administrator experience == |
||
Revision as of 13:26, 2 May 2013
Contents
Timeline
This is only an approximate timeline. Dates are subject to change.
- Oct. 2013 -- make release branch
- Dec. 2013 -- final release
Code quality
- Additional KDC refactoring
Developer experience
- Projects/Local authentication pluggable interface
- Make progress toward Projects/Kernel-friendly_GSS_subset
End-user experience
- Reduce DNS-related difficulties with service principal names
- Config to disable client service principal canonicalization
Administrator experience
- Projects/Trust_KDC-local_name_resolution
- Projects/Policy refcount elimination
- Projects/OTPOverRADIUS
Performance
- AES-NI support for built-in crypto back end
Protocol evolution
- Ticket flag to signal KDC support for resolving aliases
- Authorization data -- conditional on IETF consensus
- Authorization data container with multiple verifiers (CAMMAC)
- POSIX directory info in authorization data (PAD)
- Level of Assurance in authorization data
- Site-defined string-keyed claims in authorization data
- X.509 attributes in authorization data
- FAST preauth sets (e.g. OTP + long-term password)
