"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "doc/mitK5features.rst" between
krb5-1.17.1.tar.gz and krb5-1.18.tar.gz

About: Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography (MIT implementation). Current release.

mitK5features.rst  (krb5-1.17.1):mitK5features.rst  (krb5-1.18)
skipping to change at line 21 skipping to change at line 21
===================== =====================
https://web.mit.edu/kerberos https://web.mit.edu/kerberos
Quick facts Quick facts
----------- -----------
License - :ref:`mitK5license` License - :ref:`mitK5license`
Releases: Releases:
- Latest stable: https://web.mit.edu/kerberos/krb5-1.17/ - Latest stable: https://web.mit.edu/kerberos/krb5-1.18/
- Supported: https://web.mit.edu/kerberos/krb5-1.16/ - Supported: https://web.mit.edu/kerberos/krb5-1.17/
- Release cycle: 9 -- 12 months - Release cycle: approximately 12 months
Supported platforms \/ OS distributions: Supported platforms \/ OS distributions:
- Windows (KfW 4.0): Windows 7, Vista, XP - Windows (KfW 4.0): Windows 7, Vista, XP
- Solaris: SPARC, x86_64/x86 - Solaris: SPARC, x86_64/x86
- GNU/Linux: Debian x86_64/x86, Ubuntu x86_64/x86, RedHat x86_64/x86 - GNU/Linux: Debian x86_64/x86, Ubuntu x86_64/x86, RedHat x86_64/x86
- BSD: NetBSD x86_64/x86 - BSD: NetBSD x86_64/x86
Crypto backends: Crypto backends:
- builtin - MIT Kerberos native crypto library - builtin - MIT Kerberos native crypto library
- OpenSSL (1.0\+) - https://www.openssl.org - OpenSSL (1.0\+) - https://www.openssl.org
Database backends: LDAP, DB2, LMDB Database backends: LDAP, DB2, LMDB
krb4 support: Kerberos 5 release < 1.8 krb4 support: Kerberos 5 release < 1.8
DES support: configurable (See :ref:`retiring-des`) DES support: Kerberos 5 release < 1.18 (See :ref:`retiring-des`)
Interoperability Interoperability
---------------- ----------------
`Microsoft` `Microsoft`
Starting from release 1.7: Starting from release 1.7:
* Follow client principal referrals in the client library when * Follow client principal referrals in the client library when
obtaining initial tickets. obtaining initial tickets.
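Review bot: The DES support row on the new side changes "configurable" to "Kerberos 5 release < 1.18" but keeps the trailing "(See :ref:`retiring-des`)" pointer unchanged. Confirm that the retiring-des page still reads correctly as the target now that the row describes DES as removed rather than configurable, or reword the pointer so readers know what it covers for 1.18. In the same region the "Supported platforms" lines (KfW 4.0 on Windows 7, Vista, XP) are carried over untouched while the release links are bumped; it is worth confirming they are still accurate for this release.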
skipping to change at line 471 skipping to change at line 471
- Python test scripts now use Python 3. - Python test scripts now use Python 3.
- Python test scripts now display markers in verbose output, making - Python test scripts now display markers in verbose output, making
it easier to find where a failure occurred within the scripts. it easier to find where a failure occurred within the scripts.
- The Windows build system has been simplified and updated to work - The Windows build system has been simplified and updated to work
with more recent versions of Visual Studio. A large volume of with more recent versions of Visual Studio. A large volume of
unused Windows-specific code has been removed. Visual Studio 2013 unused Windows-specific code has been removed. Visual Studio 2013
or later is now required. or later is now required.
Release 1.18
* Administrator experience:
- Remove support for single-DES encryption types.
- Change the replay cache format to be more efficient and robust.
Replay cache filenames using the new format end with ``.rcache2``
by default.
- setuid programs will automatically ignore environment variables
that normally affect krb5 API functions, even if the caller does
not use krb5_init_secure_context().
- Add an ``enforce_ok_as_delegate`` krb5.conf relation to disable
credential forwarding during GSSAPI authentication unless the KDC
sets the ok-as-delegate bit in the service ticket.
- Use the ``permitted_enctypes`` krb5.conf setting as the default
value for ``default_tkt_enctypes`` and ``default_tgs_enctypes``.
* Developer experience:
- Implement krb5_cc_remove_cred() for all credential cache types.
- Add the krb5_pac_get_client_info() API to get the client account
name from a PAC.
* Protocol evolution:
- Add KDC support for S4U2Self requests where the user is identified
by X.509 certificate. (Requires support for certificate lookup
from a third-party KDB module.)
- Remove support for an old ("draft 9") variant of PKINIT.
- Add support for Microsoft NegoEx. (Requires one or more
third-party GSS modules implementing NegoEx mechanisms.)
- Honor the transited-policy-checked ticket flag on application
servers, eliminating the requirement to configure capaths on
servers in some scenarios.
* User experience:
- Add support for ``dns_canonicalize_hostname=fallback``, causing
host-based principal names to be tried first without DNS
canonicalization, and again with DNS canonicalization if the
un-canonicalized server is not found.
- Expand single-component hostnames in host-based principal names
when DNS canonicalization is not used, adding the system's first
DNS search path as a suffix. Add a ``qualify_shortname``
krb5.conf relation to override this suffix or disable expansion.
* Code quality:
- The libkrb5 serialization code (used to export and import krb5 GSS
security contexts) has been simplified and made type-safe.
- The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED
messages has been revised to conform to current coding practices.
- The test suite has been modified to work with macOS System
Integrity Protection enabled.
- The test suite incorporates soft-pkcs11 so that PKINIT PKCS11
support can always be tested.
`Pre-authentication mechanisms` `Pre-authentication mechanisms`
- PW-SALT :rfc:`4120#section-5.2.7.3` - PW-SALT :rfc:`4120#section-5.2.7.3`
- ENC-TIMESTAMP :rfc:`4120#section-5.2.7.2` - ENC-TIMESTAMP :rfc:`4120#section-5.2.7.2`
- SAM-2 - SAM-2
- FAST negotiation framework (release 1.8) :rfc:`6113` - FAST negotiation framework (release 1.8) :rfc:`6113`
- PKINIT with FAST on client (release 1.10) :rfc:`6113` - PKINIT with FAST on client (release 1.10) :rfc:`6113`
- PKINIT :rfc:`4556` - PKINIT :rfc:`4556`
- FX-COOKIE :rfc:`6113#section-5.2` - FX-COOKIE :rfc:`6113#section-5.2`
- S4U-X509-USER (release 1.8) https://msdn.microsoft.com/en- us/library/cc246091 - S4U-X509-USER (release 1.8) https://msdn.microsoft.com/en- us/library/cc246091
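Review bot: The "Administrator experience" entries in the added Release 1.18 block announce behaviour changes that affect existing deployments but give no upgrade guidance. "Remove support for single-DES encryption types" should carry the same :ref:`retiring-des` pointer that the Quick facts row uses. The replay cache entry should say what happens to existing cache files that do not end in ``.rcache2``. The ``permitted_enctypes`` entry should state plainly that an explicit ``default_tkt_enctypes`` or ``default_tgs_enctypes`` setting still takes precedence, if that is the intent of "default value". The new ``enforce_ok_as_delegate`` and ``qualify_shortname`` relations would also benefit from a cross-reference to the krb5.conf documentation, since this list is the only place they are introduced here.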
 End of changes. 3 change blocks. 
4 lines changed or deleted 73 lines changed or added
