logo_kerberos.gif

Difference between revisions of "Release 1.13"

From K5Wiki
Jump to: navigation, search
(New page: == Timeline == This is only an approximate timeline. Dates are subject to change. * Oct. 2014 -- make release branch * Dec. 2014 -- final release == Code quality == * Additional KDC re...)
 
Line 20: Line 20:
   
 
* [[Projects/Trust KDC-local name resolution]]
 
* [[Projects/Trust KDC-local name resolution]]
  +
* [[Projects/Improve GSSAPI mechanism configuration]]
  +
* [[Projects/LDAP SASL TLS support]]
  +
* Hierarchical incremental propagation
   
 
== Performance ==
 
== Performance ==
Line 25: Line 28:
 
== Protocol evolution ==
 
== Protocol evolution ==
   
  +
* [[Projects/HTTP Transport]]
 
* Ticket flag to signal KDC support for resolving aliases
 
* Ticket flag to signal KDC support for resolving aliases
 
* Authorization data -- conditional on IETF consensus
 
* Authorization data -- conditional on IETF consensus

Revision as of 13:58, 26 November 2013

Timeline

This is only an approximate timeline. Dates are subject to change.

  • Oct. 2014 -- make release branch
  • Dec. 2014 -- final release

Code quality

  • Additional KDC refactoring

Developer experience

End-user experience

  • Reduce DNS-related difficulties with service principal names
    • Config to disable client service principal canonicalization

Administrator experience

Performance

Protocol evolution

  • Projects/HTTP Transport
  • Ticket flag to signal KDC support for resolving aliases
  • Authorization data -- conditional on IETF consensus
    • Authorization data container with multiple verifiers (CAMMAC)
    • POSIX directory info in authorization data (PAD)
    • Level of Assurance in authorization data
    • Site-defined string-keyed claims in authorization data
    • X.509 attributes in authorization data
  • FAST preauth sets (e.g. OTP + long-term password)