krb5-1.11-beta2 is available

Tom Yu tlyu at MIT.EDU
Wed Dec 12 22:23:00 EST 2012 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MIT krb5-1.11-beta2 is now available for download from

         http://web.mit.edu/kerberos/dist/testing.html

The main MIT Kerberos web page is

         http://web.mit.edu/kerberos/

Please send comments to the krbdev list.  The final release will
probably occur early next week.  The README file contains a more
extensive list of changes.

Changes since 1.11-beta1 (from a README diff):

+7447    Fix warnings in doc build
+7455    Documentation: table formating and ref correction in MIT
+        features
+7456    Documentation: Update 1.11 feature list
+7457    camellia needs key_cleanup() routine
+7459    Remove broken clean_hostname trace messages
+7460    Add first-introduced version for
+        krb5_get_init_creds_opt_set_in_ccache() in doxygen markup
+7461    Remove .doctrees when cleaning src/doc
+7462    Move Release tag to the footer in Sphinx html documentation
+7464    Remove "Test coverage" topic from Sphinx documentation
+7466    Do not generate unused parts of toctree
+7467    Do not include hidden files in the sidebar
+7468    Make sphinx warnings fatal for doc build
+7469    Reformat RST to avoid sphinx warnings
+7470    Note notice.txt's dependency on version.py
+7471    Fix typo
+7472    Document parameter expansion for keytab and ccache
+        configuration options
+7474    Update comments about conflicting KRB5_KEYUSAGE_PA types
+7477    Document account lockout configuration
+7479    Build fixes for windows
+7480    Cross-reference account lockout documentation
+7482    Make resources.rst more useful to non-devs
+7483    KDC can return host referral to its own realm
+7488    Various nits in krb5-1.10.3
+7489    Do not document unused symbols
+7490    Update comments for RFC 3244 kpasswd extensions
+7491    Make building docs easier in an unconfigured tree
+7494    Regenerate checked-in man pages
+7496    Document API for getting anonymous tickets

Major changes in 1.11
=====================
Additional background information on these changes may be found at

    http://k5wiki.kerberos.org/wiki/Release_1.11

and

    http://k5wiki.kerberos.org/wiki/Category:Release_1.11_projects

Code quality:

* Improve ASN.1 support code, making it table-driven for decoding as
  well as encoding

* Refactor parts of KDC

Developer experience:

* Documentation consolidation

* Add a new API krb5_kt_have_content() to determine whether a keytab
  exists and contains any entries.

* Add a new API krb5_cccol_have_content() to determine whether the
  ccache collection contains any credentials.

* Add a new API krb5_kt_client_default() to resolve the default client
  keytab.

* Add new APIs gss_export_cred and gss_import_cred to serialize and
  unserialize GSSAPI credentials.

* Add a krb5_get_init_creds_opt_set_in_ccache() option.

* Add get_cc_config() and set_cc_config() clpreauth callbacks for
  getting string attribute values from an in_ccache and storing them
  in an out_ccache, respectively.

* Add a plugin interface for GSSAPI interposer mechanisms.

* Add an optional responder callback to the krb5_get_init_creds
  functions. The responder callback can consider and answer all
  preauth-related questions at once, and can process more complicated
  questions than the prompter.

* Add a method to the clpreauth interface to allow modules to supply
  response items for consideration by the responder callback.

* Projects/Password_response_item

* Add GSSAPI extensions to allow callers to specify credential store
  locations when acquiring or storing credentials

* Add a new API krb5_kt_client_default() to resolve the default client
  keytab.

Administrator experience:

* Documentation consolidation

* Add parameter expansion for default_keytab_name and
  default_client_keytab_name profile variables.

* Add new default_ccache_name profile variable to override the
  built-in default credential cache name.

* Add configure-time support for changing the built-in ccache and
  keytab names.

* Add krb5-config options for displaying the built-in ccache and
  keytab names.

* In the default build, use the system's built-in ccache and keytab
  names if they can be discovered using krb5-config.

* Add support for a "default client keytab". Its location is
  determined by the KRB5_CLIENT_KTNAME environment variable, the
  default_client_keytab profile relation, or a hardcoded path (TBD).

* GSSAPI initiator applications can now acquire credentials
  automatically from the default client keytab, if one is available.

* Add client support for FAST OTP (RFC 6560)

End-user experience:

* Documentation consolidation

* Store metadata in the ccache about how a credential was acquired, to
  improve the user's experience when reacquiring

* Projects/Extensible_Policy

Performance:

* Improve KDC lookaside cache performance

Protocol evolution:

* Add client support for FAST OTP (RFC 6560)

* Build Camellia encryption support by default
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (SunOS)

iQEVAwUBUMlKGhUCTNN0nXiJAQLyIAgAmTl9O1TByC0+6xziZpoQH4cv5FMR62Ox
joFrqXe6hIg+h8F9NEva93N+nn7nitf71YNu58VvmgffvkqFCRJTK8Fzn1tWga0Y
wP7gynTHj9Xttt6PJwQW2Sn2zkGaD0CmLzno4I2kCBXx+6rz+foINiYMfkJaCyjK
c6SrK82pXcVxSVpbJT9y1CQPNbZ5fizCc49eu9MC2/AWGkaAY8+o8Tcof91Pe2CP
zMhPujOsSjvx2Q9ejWiwN4WPauKqY0YB7fN4Ib+2pb/8oDFaf3tnl73vQBZdD0oZ
VMHOnFoLdjG/PXnHBxrqrGdkVLpQvKPMaIPR7kUNa37IUETlRvVWAA==
=KDEB
-----END PGP SIGNATURE-----

More information about the krbdev mailing list