1 / 12

Update on MIT Kerberos

Update on MIT Kerberos. Tom Yu MIT Kerberos Consortium May 21, 2008. Overview. Kerberos Consortium Ongoing Changes Release Planning. Kerberos Consortium. Launch event September 27, 2008 Executive Advisory Board Helps set priorities Apple, Google, MIT, Microsoft, Sun. Ongoing Changes.

inga-sims
Download Presentation

Update on MIT Kerberos

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Update on MIT Kerberos Tom Yu MIT Kerberos Consortium May 21, 2008

  2. Overview • Kerberos Consortium • Ongoing Changes • Release Planning May 21, 2008

  3. Kerberos Consortium • Launch event September 27, 2008 • Executive Advisory Board • Helps set priorities • Apple, Google, MIT, Microsoft, Sun May 21, 2008

  4. Ongoing Changes • New community resources • Wiki for developers – k5wiki.kerberos.org • Source browsers – OpenGrok, FishEye • White papers, tutorials, best practices • Coding style and code review guidelines • More formal procedures May 21, 2008

  5. Planning Process Used • For full releases (krb5-x.y) • Community input • Goals • Ranking • Estimates of work • Highest-ranked goals assigned to developers based on resources available May 21, 2008

  6. Original krb5-1.7 Goals • Kerberos Identity Management (KIM) API • GSS-API enhanced error strings • Unified Credentials Cache API (CCAPI) on Mac OS X and Windows • Support for GSS-API mechanism glue (“mechglue”) plug-in modules • Multi-threading support in KDC • Logging all ticket requests • Master key rollover May 21, 2008

  7. Revised planning methodology • Understand needs, including time constraints • More emphasis on end users • Timelines focus on time-sensitive items • Board members and Sponsors take priority • Delay release if high-priority items not ready • Defer less time-sensitive items if not ready May 21, 2008

  8. Recurring Concerns • Code quality • Stability • Operational issues • Incremental propagation • Principal referrals • Key rollover May 21, 2008

  9. Improving Code Quality • Adopt standard coding practices • Identify specific regions/patterns to improve • Use Coverity, etc. • Look for “hot spots” • Legacy code risk – krb4 certainly is! May 21, 2008

  10. Proposed New krb5-1.7 Goals • Incremental propagation support • Removal of krb4 code • Kerberos Identity Management (KIM) API • Improved master key & service key rollover • Enhanced GSS-API error messages • Cross-platform CCAPI on Mac and Windows • Improved client-side & KDC-side referrals • Collision avoidance for replay cache • Logging of all ticket requests May 21, 2008

  11. Dropped or Deferred • Multi-threaded KDC – security concerns • GSS-API “mechglue” plug-in support May 21, 2008

  12. krb5-1.7 Release Status • Rough timeline • Branch around Sep. 2008 • Release around Dec. 2008 • Dates subject to change • Daptiv PPM for project tracking • Completed: • CCAPI for Mac OS X and Windows • GSS-API enhanced error messages May 21, 2008

More Related