author | Greg Hudson <ghudson@mit.edu> | 2023-04-13 12:27:03 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2023-04-13 12:27:03 -0400 |
commit | 49d6ae210d3b376f3263b171709e75fd74b9dd8b (patch) | |
tree | f2110cf46871e734d832fb0193dca4d1ff9da929 /doc | |
parent | 2928f4f1682ee6245cec1f3c6d9d4b9bf30f8ee1 (diff) | |
Update features list for 1.21
Diffstat (limited to 'doc')
-rw-r--r-- | doc/mitK5features.rst | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/doc/mitK5features.rst b/doc/mitK5features.rst index ca2d6ef..10effcf 100644 --- a/doc/mitK5features.rst +++ b/doc/mitK5features.rst @@ -642,6 +642,48 @@ Release 1.20 - Converted the remaining Tcl tests to Python. +Release 1.21 + +* User experience: + + - Added a credential cache type providing compatibility with the + macOS 11 native credential cache. + +* Developer experience: + + - libkadm5 will use the provided krb5_context object to read + configuration values, instead of creating its own. + + - Added an interface to retrieve the ticket session key from a GSS + context. + +* Protocol evolution: + + - The KDC will no longer issue tickets with RC4 or triple-DES + session keys unless explicitly configured with the new allow_rc4 + or allow_des3 variables respectively. + + - The KDC will assume that all services can handle aes256-sha1 + session keys unless the service principal has a session_enctypes + string attribute. + + - Support for PAC full KDC checksums has been added to mitigate an + S4U2Proxy privilege escalation attack. + + - The PKINIT client will advertise a more modern set of supported + CMS algorithms. + +* Code quality: + + - Removed unused code in libkrb5, libkrb5support, and the PKINIT + module. + + - Modernized the KDC code for processing TGS requests, the code for + encrypting and decrypting key data, the PAC handling code, and the + GSS library packet parsing and composition code. + + - Improved the test framework's detection of memory errors in daemon + processes when used with asan. `Pre-authentication mechanisms` |
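Review bot: In the "Protocol evolution" list, the entries for allow_rc4, allow_des3 and session_enctypes name the new settings in plain text without saying where they are configured, and the first two describe a change in default KDC behaviour that can affect deployments with legacy services. Consider marking the three names as literals and pointing to the configuration documentation that describes them. In the same list, the PAC full KDC checksum entry refers to "an S4U2Proxy privilege escalation attack" with no identifier or reference, so a reader cannot tell which issue is being mitigated; a citation to the relevant advisory or ticket would make the entry traceable.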