8 http://web.mit.edu/kerberos
14 ====================================================== ======================================= =============================================================================
15 Latest stable version 1.10
16 Supported versions 1.8.6, 1.9.3, 1.10
17 Release cycle 9 - 12 months
18 Supported platforms/OS distributions Solaris
27 Crypto backends - OpenSSL 1.0\+ - http://www.openssl.org
28 - builtin - MIT Kerberos native crypto library
29 - NSS 3.12.9\+ - Mozilla's Network Security Services.
30 http://www.mozilla.org/projects/security/pki/nss
31 Database backends - LDAP
34 DES support configurable http://k5wiki.kerberos.org/wiki/Projects/Disable_DES
35 GSS-API S4U extensions 1.8+ http://msdn.microsoft.com/en-us/library/cc246071
38 GSS-API naming extensions 1.8+ http://tools.ietf.org/html/draft-ietf-kitten-gssapi-naming-exts-11
40 GSS-API extensions for storing delegated credentials 1.8+ :rfc:`5588`
42 License :ref:`mitK5license`
43 ====================================================== ======================================= =============================================================================
52 Starting from version 1.7:
54 * Follow client principal referrals in the client library when
55 obtaining initial tickets.
57 * KDC can issue realm referrals for service principals based on domain names.
59 * Extensions supporting DCE RPC, including three-leg GSS context setup
60 and unencapsulated GSS tokens inside SPNEGO.
62 * Microsoft GSS_WrapEX, implemented using the gss_iov API, which is
63 similar to the equivalent SSPI functionality. This is needed to
64 support some instances of DCE RPC.
66 * NTLM recognition support in GSS-API, to facilitate dropping in an
67 NTLM implementation for improved compatibility with older releases
70 * KDC support for principal aliases, if the back end supports them.
71 Currently, only the LDAP back end supports aliases.
73 * Support Microsoft set/change password (RFC 3244) protocol in
76 * Implement client and KDC support for GSS_C_DELEG_POLICY_FLAG, which
77 allows a GSS application to request credential delegation only if
78 permitted by KDC policy.
81 Starting from version 1.8:
83 * Microsoft Services for User (S4U) compatibility`
89 * Support for reading Heimdal database starting from version 1.8
95 =============================================== =========== ============================================
96 \ Available Additional information
97 =============================================== =========== ============================================
98 Credentials delegation 1.7 :rfc:`5896`
99 Cross-realm authentication and referrals 1.7 http://tools.ietf.org/html/draft-ietf-krb-wg-kerberos-referrals-12
100 Master key migration 1.7 http://k5wiki.kerberos.org/wiki/Projects/Master_Key_Migration
101 PKINIT 1.7 :rfc:`4556`
102 Anonymous PKINIT 1.8 :rfc:`6112` http://k5wiki.kerberos.org/wiki/Projects/Anonymous_pkinit
103 Constrained delegation 1.8 http://k5wiki.kerberos.org/wiki/Projects/ConstrainedDelegation
104 IAKERB 1.8 http://tools.ietf.org/html/draft-ietf-krb-wg-iakerb-02
105 Heimdal bridge plugin for KDC backend 1.8
106 Advance warning on password expiry 1.9
107 Camellia encryption (CTS-CMAC mode) 1.9 experimental http://tools.ietf.org/html/draft-ietf-krb-wg-camellia-cts-00
108 KDC support for SecurID preauthentication 1.9 http://k5wiki.kerberos.org/wiki/Projects/SecurID_SAM_support
110 Trace logging 1.9 http://k5wiki.kerberos.org/wiki/Projects/Trace_logging
111 GSSAPI/KRB5 multi-realm support
112 Plugin to test password quality 1.9 http://k5wiki.kerberos.org/wiki/Projects/Password_quality_pluggable_interface
113 Plugin to synchronize password changes 1.9
115 GS2 1.9 :rfc:`5801` :rfc:`5587` http://k5wiki.kerberos.org/wiki/Projects/GS2
117 Naming extensions for delegation chain 1.9
118 Password expiration API 1.9
119 Windows client support (build-only) 1.9
121 - PW-SALT :rfc:`4120#section-5.2.7.3`
122 - ENC-TIMESTAMP :rfc:`4120#section-5.2.7.2`
124 - FAST negotiation framework 1.8 :rfc:`6113`
125 - PKINIT with FAST on client 1.10 :rfc:`6113`
127 - FX-COOKIE :rfc:`6113#section-5.2`
128 - S4U-X509-USER 1.8 http://msdn.microsoft.com/en-us/library/cc246091
133 - Fortuna PRNG 1.9 http://www.schneier.com/book-practical.html
134 - OS PRNG 1.10 OS's native PRNG
136 IPv6 support in iprop
137 Plugin interface for configuration 1.10 http://k5wiki.kerberos.org/wiki/Projects/Pluggable_configuration
138 Credentials for multiple identities 1.10 http://k5wiki.kerberos.org/wiki/Projects/Client_principal_selection
139 =============================================== =========== ============================================
145 Please, provide your feedback on this document at
146 krb5-bugs@mit.edu?subject=Documentation___krb5_implementation_features