-rw-r--r-- | doc/mitK5features.rst | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/doc/mitK5features.rst b/doc/mitK5features.rst index ca2d6ef..10effcf 100644 --- a/doc/mitK5features.rst +++ b/doc/mitK5features.rst @@ -642,6 +642,48 @@ Release 1.20 - Converted the remaining Tcl tests to Python. +Release 1.21 + +* User experience: + + - Added a credential cache type providing compatibility with the + macOS 11 native credential cache. + +* Developer experience: + + - libkadm5 will use the provided krb5_context object to read + configuration values, instead of creating its own. + + - Added an interface to retrieve the ticket session key from a GSS + context. + +* Protocol evolution: + + - The KDC will no longer issue tickets with RC4 or triple-DES + session keys unless explicitly configured with the new allow_rc4 + or allow_des3 variables respectively. + + - The KDC will assume that all services can handle aes256-sha1 + session keys unless the service principal has a session_enctypes + string attribute. + + - Support for PAC full KDC checksums has been added to mitigate an + S4U2Proxy privilege escalation attack. + + - The PKINIT client will advertise a more modern set of supported + CMS algorithms. + +* Code quality: + + - Removed unused code in libkrb5, libkrb5support, and the PKINIT + module. + + - Modernized the KDC code for processing TGS requests, the code for + encrypting and decrypting key data, the PAC handling code, and the + GSS library packet parsing and composition code. + + - Improved the test framework's detection of memory errors in daemon + processes when used with asan. `Pre-authentication mechanisms` |
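Review bot: In the "Protocol evolution" list, the RC4/triple-DES entry names the new allow_rc4 and allow_des3 variables but does not say which configuration file or section they are set in. It is also the entry most likely to break an existing deployment on upgrade, so please name the file and section, or cross-reference the configuration documentation, so an operator can act on the note without searching. The following entry has a similar gap: it says the KDC assumes aes256-sha1 support "unless the service principal has a session_enctypes string attribute", but not that setting this attribute is the remedy for a service that cannot handle aes256-sha1. A short clause saying so would help. The PAC full KDC checksum entry refers to "an S4U2Proxy privilege escalation attack" without an identifier. If an advisory or CVE is assigned, cite it here so readers can match the release note to the fix.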