[16553] in Kerberos_V5_Development

krb5-1.9-beta3 is available

daemon@ATHENA.MIT.EDU (Tom Yu)
Thu Dec 16 14:38:33 2010

To: krbdev@mit.edu
From: Tom Yu <tlyu@mit.edu>
Date: Thu, 16 Dec 2010 14:38:23 -0500
Message-ID: <ldv7hf933v4.fsf@cathode-dark-space.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MIT krb5-1.9-beta3 is now available for download from

         http://web.mit.edu/kerberos/dist/testing.html

The main MIT Kerberos web page is

         http://web.mit.edu/kerberos/

Please send comments to the krbdev list.  This is a beta release
intended to be the code freeze for the 1.9 release.  The final release
will probably occur in the next week.  The README file contains a more
extensive list of changes.

Changes since 1.9-beta2 include fixing an Open Directory interop
problem and fixing a regression in the handling of renewable tickets.

Major changes in 1.9
- --------------------

Code quality:

* Fix MITKRB5-SA-2010-007 checksum vulnerabilities (CVE-2010-1324 and others)
* Python-based testing framework
* DAL cleanup

Developer experience:

* NSS crypto back end
* PRNG modularity
* Fortuna-like PRNG

Performance:

* Account lockout performance improvements -- allow disabling of some
  account lockout functionality to reduce the number of write
  operations to the database during authentication

Administrator experience:

* Trace logging -- for easier diagnosis of configuration problems

* Support for purging old keys (e.g. from "cpw -randkey -keepold")

* Plugin interface for password sync -- based on proposed patches by
  Russ Allbery that support his krb5-sync package

* Plugin interface for password quality checks -- enables pluggable
  password quality checks similar to Russ Allbery's krb5-strength
  package

* Configuration file validator

* KDC support for SecurID preauthentication -- This is the old SAM-2
  protocol, implemented to support existing deployments, not the
  in-progress FAST-OTP work.

Protocol evolution:

* IAKERB -- a mechanism for tunneling Kerberos KDC transactions over
  GSS-API, enabling clients to authenticate to services even when the
  clients cannot directly reach the KDC that serves the services.

* Camellia encryption (experimental; disabled by default)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (SunOS)

iEYEARECAAYFAk0KarIACgkQSO8fWy4vZo7mIgCffTlzKtc1oNjAppU1tG2Fmxgf
SiIAn3B7F2bdUfqu/TTR080apBZx27Qa
=p5s+
-----END PGP SIGNATURE-----
_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
