Update on MIT Kerberos
description
Transcript of Update on MIT Kerberos
![Page 1: Update on MIT Kerberos](https://reader030.fdocuments.in/reader030/viewer/2022032709/56813282550346895d991d08/html5/thumbnails/1.jpg)
www.kerberos.org © 2007 The MIT Kerberos Consortium. All Rights Reserved.
Update on MIT Kerberos
Tom Yu
MIT Kerberos Consortium
May 21, 2008
![Page 2: Update on MIT Kerberos](https://reader030.fdocuments.in/reader030/viewer/2022032709/56813282550346895d991d08/html5/thumbnails/2.jpg)
May 21, 2008 2www.kerberos.org © 2008 The MIT Kerberos Consortium. All Rights Reserved.
OverviewKerberos Consortium
Ongoing Changes
Release Planning
![Page 3: Update on MIT Kerberos](https://reader030.fdocuments.in/reader030/viewer/2022032709/56813282550346895d991d08/html5/thumbnails/3.jpg)
May 21, 2008 3www.kerberos.org © 2008 The MIT Kerberos Consortium. All Rights Reserved.
Kerberos ConsortiumLaunch event September 27, 2008
Executive Advisory BoardHelps set priorities
Apple, Google, MIT, Microsoft, Sun
![Page 4: Update on MIT Kerberos](https://reader030.fdocuments.in/reader030/viewer/2022032709/56813282550346895d991d08/html5/thumbnails/4.jpg)
May 21, 2008 4www.kerberos.org © 2008 The MIT Kerberos Consortium. All Rights Reserved.
Ongoing ChangesNew community resources
Wiki for developers – k5wiki.kerberos.org
Source browsers – OpenGrok, FishEye
White papers, tutorials, best practices
Coding style and code review guidelines
More formal procedures
![Page 5: Update on MIT Kerberos](https://reader030.fdocuments.in/reader030/viewer/2022032709/56813282550346895d991d08/html5/thumbnails/5.jpg)
May 21, 2008 5www.kerberos.org © 2008 The MIT Kerberos Consortium. All Rights Reserved.
Planning Process UsedFor full releases (krb5-x.y)
Community inputGoals
Ranking
Estimates of work
Highest-ranked goals assigned to developers based on resources available
![Page 6: Update on MIT Kerberos](https://reader030.fdocuments.in/reader030/viewer/2022032709/56813282550346895d991d08/html5/thumbnails/6.jpg)
May 21, 2008 6www.kerberos.org © 2008 The MIT Kerberos Consortium. All Rights Reserved.
Original krb5-1.7 Goals• Kerberos Identity Management (KIM) API
• GSS-API enhanced error strings
• Unified Credentials Cache API (CCAPI) on Mac OS X and Windows
• Support for GSS-API mechanism glue (“mechglue”) plug-in modules
• Multi-threading support in KDC
• Logging all ticket requests
• Master key rollover
![Page 7: Update on MIT Kerberos](https://reader030.fdocuments.in/reader030/viewer/2022032709/56813282550346895d991d08/html5/thumbnails/7.jpg)
May 21, 2008 7www.kerberos.org © 2008 The MIT Kerberos Consortium. All Rights Reserved.
Revised planning methodologyUnderstand needs, including time constraints
More emphasis on end users
Timelines focus on time-sensitive items
Board members and Sponsors take priority
Delay release if high-priority items not ready
Defer less time-sensitive items if not ready
![Page 8: Update on MIT Kerberos](https://reader030.fdocuments.in/reader030/viewer/2022032709/56813282550346895d991d08/html5/thumbnails/8.jpg)
May 21, 2008 8www.kerberos.org © 2008 The MIT Kerberos Consortium. All Rights Reserved.
Recurring Concerns• Code quality
• Stability
• Operational issues– Incremental propagation– Principal referrals– Key rollover
![Page 9: Update on MIT Kerberos](https://reader030.fdocuments.in/reader030/viewer/2022032709/56813282550346895d991d08/html5/thumbnails/9.jpg)
May 21, 2008 9www.kerberos.org © 2008 The MIT Kerberos Consortium. All Rights Reserved.
Improving Code QualityAdopt standard coding practices
Identify specific regions/patterns to improve
Use Coverity, etc.
Look for “hot spots”
Legacy code risk – krb4 certainly is!
![Page 10: Update on MIT Kerberos](https://reader030.fdocuments.in/reader030/viewer/2022032709/56813282550346895d991d08/html5/thumbnails/10.jpg)
May 21, 2008 10www.kerberos.org © 2008 The MIT Kerberos Consortium. All Rights Reserved.
Proposed New krb5-1.7 Goals• Incremental propagation support
• Removal of krb4 code
• Kerberos Identity Management (KIM) API
• Improved master key & service key rollover
• Enhanced GSS-API error messages
• Cross-platform CCAPI on Mac and Windows
• Improved client-side & KDC-side referrals
• Collision avoidance for replay cache
• Logging of all ticket requests
![Page 11: Update on MIT Kerberos](https://reader030.fdocuments.in/reader030/viewer/2022032709/56813282550346895d991d08/html5/thumbnails/11.jpg)
May 21, 2008 11www.kerberos.org © 2008 The MIT Kerberos Consortium. All Rights Reserved.
Dropped or Deferred• Multi-threaded KDC – security concerns
• GSS-API “mechglue” plug-in support
![Page 12: Update on MIT Kerberos](https://reader030.fdocuments.in/reader030/viewer/2022032709/56813282550346895d991d08/html5/thumbnails/12.jpg)
May 21, 2008 12www.kerberos.org © 2008 The MIT Kerberos Consortium. All Rights Reserved.
krb5-1.7 Release StatusRough timeline
Branch around Sep. 2008
Release around Dec. 2008
Dates subject to change
Daptiv PPM for project tracking
Completed:CCAPI for Mac OS X and Windows
GSS-API enhanced error messages