License - :ref:`mitK5license`
Releases:
- - Latest stable: https://web.mit.edu/kerberos/krb5-1.20/
- - Supported: https://web.mit.edu/kerberos/krb5-1.19/
+ - Latest stable: https://web.mit.edu/kerberos/krb5-1.22/
+ - Supported: https://web.mit.edu/kerberos/krb5-1.21/
- Release cycle: approximately 12 months
Supported platforms \/ OS distributions:
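Review bot: The "Latest stable" link now points at krb5-1.22, but the only release-notes section added in the lines shown is "Release 1.21". If a "Release 1.22" section is not added elsewhere in this change, either add one or confirm that the feature list is meant to lag the release links, so that readers following the 1.22 link can find what changed in that release.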
- Improved the test framework's detection of memory errors in daemon
processes when used with asan.
+Release 1.21
+
+* User experience:
+
+ - The libdefaults configuration variable "request_timeout" can be
+ set to limit the total timeout for KDC requests. When making a
+ KDC request, the client will now wait indefinitely (or until the
+ request timeout has elapsed) on a KDC which accepts a TCP
+ connection, without contacting any additional KDCs. Clients will
+ make fewer DNS queries in some configurations.
+
+ - The realm configuration variable "sitename" can be set to cause
+ the client look for site-specific DNS records when making KDC
+ requests.
+
+* Developer experience:
+
+ - The profile library supports the modification of empty profiles
+ and the copying of modified profiles, making it possible to
+ construct an in-memory profile and pass it to
+ krb5_init_context_profile().
+
+ - GSS-API applications can pass the GSS_C_CHANNEL_BOUND flag to
+ gss_init_sec_context() to request strict enforcement of channel
+ bindings by the acceptor.
+
+* Protocol evolution:
+
+ - PKINIT has support for elliptic curve client certificates and for
+ ECDH key exchange.
+
+ - The IAKERB implementation has been changed to comply with the
+ standard.
+
+* Code quality:
+
+ - Old-style function declarations have been removed, to accomodate
+ compilers removing support for them.
+
+ - OSS-Fuzz support has been added to the project's continuous
+ integration infrastructure.
+
+ - GSS per-message token parsing code has been rewritten for improved
+ safety.
+
`Pre-authentication mechanisms`
- PW-SALT :rfc:`4120#section-5.2.7.3`
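Review bot: The added Release 1.21 text has two wording errors. Under "Code quality", "accomodate" should be "accommodate". Under "User experience", the sitename item reads "to cause the client look for" and should read "to cause the client to look for". The request_timeout item would also be clearer if it said what applies when the variable is unset: as written, a client "will now wait indefinitely" on a KDC that accepts a TCP connection, without contacting additional KDCs, and operators reading this will want to know whether that is the default behaviour.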