[29752] in CVS-changelog-for-Kerberos-V5


krb5 commit [krb5-1.15]: Update features list for 1.15

daemon@ATHENA.MIT.EDU (Tom Yu)
Mon Oct 24 17:07:17 2016

Date: Mon, 24 Oct 2016 17:07:13 -0400
From: Tom Yu <tlyu@mit.edu>
Message-Id: <201610242107.u9OL7D7M011605@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu

https://github.com/krb5/krb5/commit/cc1909ae1cfbb93d15fcfd1bfb878a92309475a3
commit cc1909ae1cfbb93d15fcfd1bfb878a92309475a3
Author: Tom Yu <tlyu@mit.edu>
Date:   Mon Oct 24 14:05:41 2016 -0400

    Update features list for 1.15
    
    (cherry picked from commit 6872044bb52fdbbcbb965fe5dcb3e1da2755ae82)
    
    ticket: 8510
    version_fixed: 1.15

 doc/mitK5features.rst |   56 +++++++++++++++++++++++++++++++++++++++++++++---
 1 files changed, 52 insertions(+), 4 deletions(-)

diff --git a/doc/mitK5features.rst b/doc/mitK5features.rst
index cdcb04f..b4e4b8b 100644
--- a/doc/mitK5features.rst
+++ b/doc/mitK5features.rst
@@ -19,8 +19,8 @@ Quick facts
 License - :ref:`mitK5license`
 
 Releases:
-    - Latest stable: http://web.mit.edu/kerberos/krb5-1.14/
-    - Supported: http://web.mit.edu/kerberos/krb5-1.13/
+    - Latest stable: http://web.mit.edu/kerberos/krb5-1.15/
+    - Supported: http://web.mit.edu/kerberos/krb5-1.14/
     - Release cycle: 9 -- 12 months
 
 Supported platforms \/ OS distributions:
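Review bot: Both updated links under "Releases:" still use plain http:// (for example "http://web.mit.edu/kerberos/krb5-1.15/"). These are the pages readers follow to reach release material, so consider switching them to https:// in this change, provided the host serves them over TLS. Please also confirm that krb5-1.13 is meant to drop out of "Supported" entirely, since after this hunk only 1.14 is listed there.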
@@ -80,8 +80,6 @@ Starting from release 1.8:
 
 `Heimdal`
 
-* Support for reading Heimdal database starting from release 1.8
-
 * Support for KCM credential cache starting from release 1.13
 
 Feature list
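Review bot: The Heimdal bullet "Support for reading Heimdal database starting from release 1.8" is deleted without any replacement text saying which release dropped it. The Release 1.15 list added later in this patch only says "Remove various infrequently built modules", which does not name this capability. If the Heimdal database reader is one of those modules, say so explicitly under Release 1.15 so that sites planning a migration from Heimdal know the last release they can use for it.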
@@ -261,6 +259,56 @@ Release 1.14
      full resync, and do not require two full resyncs after the master
      KDC's log file is reset.
 
+Release 1.15
+
+* Administrator experience:
+
+  - Add support to kadmin for remote extraction of current keys
+    without changing them (requires a special kadmin permission that
+    is excluded from the wildcard permission), with the exception of
+    highly protected keys.
+
+  - Add a lockdown_keys principal attribute to prevent retrieval of
+    the principal's keys (old or new) via the kadmin protocol.  In
+    newly created databases, this attribute is set on the krbtgt and
+    kadmin principals.
+
+  - Restore recursive dump capability for DB2 back end, so sites can
+    more easily recover from database corruption resulting from power
+    failure events.
+
+  - Add DNS auto-discovery of KDC and kpasswd servers from URI
+    records, in addition to SRV records.  URI records can convey TCP
+    and UDP servers and master KDC status in a single DNS lookup, and
+    can also point to HTTPS proxy servers.
+
+  - Add support for password history to the LDAP back end.
+
+  - Add support for principal renaming to the LDAP back end.
+
+  - Use the getrandom system call on supported Linux kernels to avoid
+    blocking problems when getting entropy from the operating system.
+
+* Code quality:
+
+  - Clean up numerous compilation warnings.
+
+  - Remove various infrequently built modules, including some preauth
+    modules that were not built by default.
+
+* Developer experience:
+
+  - Add support for building with OpenSSL 1.1.
+
+  - Use SHA-256 instead of MD5 for (non-cryptographic) hashing of
+    authenticators in the replay cache.  This helps sites that must
+    build with FIPS 140 conformant libraries that lack MD5.
+
+* Protocol evolution:
+
+  - Add support for the AES-SHA2 enctypes, which allows sites to
+    conform to Suite B crypto requirements.
+
 `Pre-authentication mechanisms`
 
 - PW-SALT                                         :rfc:`4120#section-5.2.7.3`
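Review bot: In the lockdown_keys entry, "In newly created databases, this attribute is set on the krbtgt and kadmin principals" implies that databases carried over from an earlier release do not get the attribute, but the text never says so. Because the first bullet in the same list adds remote extraction of current keys, upgrading sites are the ones most exposed; add a sentence telling them to set lockdown_keys on those principals themselves. The first bullet's "with the exception of highly protected keys" is also vague: point it at the lockdown_keys attribute described in the next bullet, and name the special kadmin permission it refers to.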
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
