[31231] in CVS-changelog-for-Kerberos-V5
krb5 commit: Update features list for 1.21
daemon@ATHENA.MIT.EDU (ghudson@mit.edu)
Thu Apr 13 16:51:10 2023
From: ghudson@mit.edu
To: <cvs-krb5@mit.edu>
Message-ID: <20230413205039.245A61052B4@krbdev.mit.edu>
Date: Thu, 13 Apr 2023 16:50:39 -0400 (EDT)
MIME-Version: 1.0
Reply-To: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/49d6ae210d3b376f3263b171709e75fd74b9dd8b
commit 49d6ae210d3b376f3263b171709e75fd74b9dd8b
Author: Greg Hudson <ghudson@mit.edu>
Date: Thu Apr 13 12:27:03 2023 -0400
Update features list for 1.21
doc/mitK5features.rst | 42 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 42 insertions(+)
diff --git a/doc/mitK5features.rst b/doc/mitK5features.rst
index ca2d6ef11..10effcf17 100644
--- a/doc/mitK5features.rst
+++ b/doc/mitK5features.rst
@@ -642,6 +642,48 @@ Release 1.20
- Converted the remaining Tcl tests to Python.
+Release 1.21
+
+* User experience:
+
+ - Added a credential cache type providing compatibility with the
+ macOS 11 native credential cache.
+
+* Developer experience:
+
+ - libkadm5 will use the provided krb5_context object to read
+ configuration values, instead of creating its own.
+
+ - Added an interface to retrieve the ticket session key from a GSS
+ context.
+
+* Protocol evolution:
+
+ - The KDC will no longer issue tickets with RC4 or triple-DES
+ session keys unless explicitly configured with the new allow_rc4
+ or allow_des3 variables respectively.
+
+ - The KDC will assume that all services can handle aes256-sha1
+ session keys unless the service principal has a session_enctypes
+ string attribute.
+
+ - Support for PAC full KDC checksums has been added to mitigate an
+ S4U2Proxy privilege escalation attack.
+
+ - The PKINIT client will advertise a more modern set of supported
+ CMS algorithms.
+
+* Code quality:
+
+ - Removed unused code in libkrb5, libkrb5support, and the PKINIT
+ module.
+
+ - Modernized the KDC code for processing TGS requests, the code for
+ encrypting and decrypting key data, the PAC handling code, and the
+ GSS library packet parsing and composition code.
+
+ - Improved the test framework's detection of memory errors in daemon
+ processes when used with asan.
`Pre-authentication mechanisms`
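Review bot: Under "Protocol evolution", the entry introducing allow_rc4 and allow_des3 names the new variables but not the configuration file or section where they are set, and the aes256-sha1 entry does not say what value a session_enctypes string attribute should hold for a service that cannot handle such keys. These two items change default KDC behaviour, so an operator reading this list before upgrading needs a cross-reference to the relevant configuration and string-attribute documentation to find affected services in advance. The PAC entry ("mitigate an S4U2Proxy privilege escalation attack") would also benefit from a pointer to the advisory or documentation describing the attack and from stating whether the full KDC checksum is issued and verified by default. Likewise, "a more modern set of supported CMS algorithms" should either list the algorithms or link to where they are documented, since PKINIT interoperability with older KDCs depends on them.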
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5