From: Tom Yu Date: Wed, 6 Jan 2010 22:58:45 +0000 (+0000) Subject: README, patchlevel, etc. for krb5-1.8-alpha1 X-Git-Tag: krb5-1.8-alpha1~1 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=566853132c33f96eacc716bf51a1ca30d40c2723;p=krb5.git README, patchlevel, etc. for krb5-1.8-alpha1 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23594 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/README b/README index a05bc9f6e..c1eabc522 100644 --- a/README +++ b/README 
@@ -71,9 +71,112 @@ beginning with krb5-1.8. Major changes in 1.8 -------------------- +The krb5-1.8 release contains a large number of changes, featuring +improvements in the following broad areas: + +* Code quality +* Modularity +* Performance +* End-user experience +* Administrator experience +* Protocol evolution + +Code quality: + +* Move toward test-driven development -- new features have test code, + or at least written testing procedures. + +* Increase conformance to coding style + + + "The great reindent" + + + Selective refactoring + +Modularity: + +* Crypto modularity -- vendors can more easily substitute their own + crypto implementations, which might be hardware-accelerated or + validated to FIPS 140, for the builtin crypto implementation that + has historically shipped as part of MIT Kerberos. Currently, only + an OpenSSL provider is included, but others are possible. + +* Move toward improved KDB interface + +* Improved API for verifying and interrogating authorization data + +Performance: + +* Investigate and remedy repeatedly-reported performance bottlenecks. + +* Encryption performance -- new crypto API with opaque key structures, + to allow for optimizations such as caching of derived keys + +End-user experience: + +* Reduce DNS dependence by implementing an interface that allows + client library to track whether a KDC supports service principal + referrals. + +Administrator experience: + +* Disable DES by default -- this reduces security exposure from using + an increasingly insecure cipher. + +* More versatile crypto configuration, to simplify migration away from + DES -- new configuration syntax to allow inclusion and exclusion of + specific algorithms relative to a default set. + +* Account lockout for repeated login failures -- mitigates online + password guessing attacks, and helps with some enterprise regulatory + compliance. 
+ +Protocol evolution: + +* FAST enhancements -- preauthentication framework enhancements + +* Microsoft Services for User (S4U) compatibility: S4U2Self, also + known as "protocol transition", allows for service to ask a KDC for + a ticket to themselves on behalf of a client authenticated via a + different means; S4U2Proxy allows a service to ask a KDC for a + ticket to another service on behalf of a client. + +* Anonymous PKINIT -- allows the use of public-key cryptography to + anonymously authenticate to a realm + krb5-1.8 changes by ticket ID ----------------------------- +5468 delete kadmin v1 support +6206 new API for storing extra per-principal data in ccache +6434 krb5_cc_resolve() will crash if a null name param is provided +6454 Make krb5_mkt_resolve error handling work +6510 Restore limited support for static linking +6539 Enctype list configuration enhancements +6547 Modify kadm5 initializers to accept krb5 contexts +6563 Implement s4u extensions +6564 s4u extensions integration broke test suite... 
+6565 HP-UX IA64 wrong endian +6572 Implement GSS naming extensions and authdata verification +6576 Implement new APIs to allow improved crypto performance +6577 Account lockout for repeated login failures +6578 Heimdal DB bridge plugin for KDC back end +6580 Constrained delegation without PAC support +6582 Memory leak in _kadm5_init_any introduced with ipropd +6583 Unbundle applications into separate repository +6586 libkrb5 support for non-blocking AS requests +6590 allow testing even if name->addr->name mapping doesn't work +6591 fix slow behavior on Mac OS X with link-local addresses +6593 Remove dependency on /bin/csh in test suite +6595 FAST (preauth framework) negotiation +6597 Add GSS extensions to store credentials, generate random bits +6605 PKINIT client should validate SAN for TGS, not service principal +6606 allow testing when offline +6607 anonymous PKINIT +6616 Fix spelling and hyphen errors in man pages +6618 Support optional creation of PID files for krb5kdc and kadmind +6620 kdc_supported_enctypes does nothing; eradicate mentions thereof +6621 disable weak crypto by default + Copyright and Other Legal Notices --------------------------------- diff --git a/doc/definitions.texinfo b/doc/definitions.texinfo index 2db0add17..9032a9d6d 100644 --- a/doc/definitions.texinfo +++ b/doc/definitions.texinfo @@ -19,8 +19,8 @@ @set RANDOMUSER johndoe @set RANDOMUSER1 jennifer @set RANDOMUSER2 david -@set RELEASE 1.6 -@set PREVRELEASE 1.5 +@set RELEASE 1.8 +@set PREVRELEASE 1.7 @set INSTALLDIR /usr/@value{LCPRODUCT} @set PREVINSTALLDIR @value{INSTALLDIR} @set ROOTDIR /usr/local diff --git a/src/patchlevel.h b/src/patchlevel.h index e1b179eeb..c538abcaf 100644 --- a/src/patchlevel.h +++ b/src/patchlevel.h 
@@ -53,6 +53,6 @@ #define KRB5_MAJOR_RELEASE 1 #define KRB5_MINOR_RELEASE 8 #define KRB5_PATCHLEVEL 0 -#define KRB5_RELTAIL "prerelease" +#define KRB5_RELTAIL "alpha1" /* #undef KRB5_RELDATE */ -#define KRB5_RELTAG "branches/krb5-1-8" +#define KRB5_RELTAG "tags/krb5-1-8-alpha1"
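Review bot: In the README hunk, the "Administrator experience" bullet says "Disable DES by default" while the ticket list entry for what appears to be the same change reads "6621 disable weak crypto by default". The two wordings describe different scopes, so an administrator reading the release notes cannot tell whether only DES or a wider set of enctypes stops working after an upgrade. Use one wording in both places and state which enctypes are affected, ideally beside the "More versatile crypto configuration" bullet that describes the migration path. Two smaller points in the same hunk: "allows for service to ask a KDC for a ticket to themselves" should read "allows a service to ask a KDC for a ticket to itself", and the entry "6564 s4u extensions integration broke test suite..." ends in an ellipsis, which should be spelled out or the entry dropped.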
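Review bot: In the doc/definitions.texinfo hunk, RELEASE moves from 1.6 straight to 1.8 and PREVRELEASE from 1.5 to 1.7, which shows these values skipped a release and are maintained by hand, separately from src/patchlevel.h. Either generate them from KRB5_MAJOR_RELEASE and KRB5_MINOR_RELEASE or add them to the release checklist so the documentation cannot drift again. Note also that "@set RELEASE 1.8" carries no prerelease marker, so documentation built from this alpha will present itself as the final 1.8 release.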
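Review bot: In the src/patchlevel.h hunk, KRB5_RELTAG is set to "tags/krb5-1-8-alpha1" in a commit whose git-svn-id is on branches/krb5-1-8, so every later build from that branch will identify itself as the alpha1 tag until a follow-up commit resets KRB5_RELTAIL and KRB5_RELTAG. Make sure that reset lands immediately after tagging, or mention it in the commit message. The line "/* #undef KRB5_RELDATE */" is left untouched, so binaries built from this tag carry no release date in their version string; if that is intended for alphas, a short comment saying so would help whoever cuts the next release.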