From: Tom Yu <tlyu@mit.edu>
Date: Wed, 15 Oct 2014 21:16:12 +0000 (-0400)
Subject: Update mitK5features.rst for 1.13
X-Git-Tag: krb5-1.13-final~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2d2f7d2ff0012c20dc7f6f62cc5bf5a0e07cb239;p=thirdparty%2Fkrb5.git

Update mitK5features.rst for 1.13
---

diff --git a/doc/mitK5features.rst b/doc/mitK5features.rst
index 63cd4673ea..0afcd6e260 100644
--- a/doc/mitK5features.rst
+++ b/doc/mitK5features.rst
@@ -19,7 +19,8 @@ Quick facts
 License - :ref:`mitK5license`
 
 Releases:
-    - Latest stable: http://web.mit.edu/kerberos/krb5-1.12/
+    - Latest stable: http://web.mit.edu/kerberos/krb5-1.13/
+    - Supported: http://web.mit.edu/kerberos/krb5-1.12/
     - Supported: http://web.mit.edu/kerberos/krb5-1.11/
     - Release cycle: 9 -- 12 months
 
@@ -83,6 +84,7 @@ Starting from release 1.8:
 
 * Support for reading Heimdal database starting from release 1.8
 
+* Support for KCM credential cache starting from release 1.13
 
 Feature list
 ------------
@@ -140,6 +142,36 @@ Release 1.12
  -   FAST OTP preauthentication module for the KDC which uses RADIUS to validate OTP token values :ref:`otp_preauth`
  -   Experimental Audit plugin for KDC processing `Audit project <http://k5wiki.kerberos.org/wiki/Projects/Audit>`_
 
+Release 1.13
+
+ -   Add support for accessing KDCs via an HTTPS proxy server using
+     the `MS-KKDCP
+     <http://msdn.microsoft.com/en-us/library/hh553774.aspx>`_
+     protocol.
+ -   Add support for `hierarchical incremental propagation
+     <http://k5wiki.kerberos.org/wiki/Projects/Hierarchical_iprop>`_,
+     where slaves can act as intermediates between an upstream master
+     and other downstream slaves.
+ -   Add support for configuring GSS mechanisms using
+     ``/etc/gss/mech.d/*.conf`` files in addition to
+     ``/etc/gss/mech``.
+ -   Add support to the LDAP KDB module for `binding to the LDAP
+     server using SASL
+     <http://k5wiki.kerberos.org/wiki/Projects/LDAP_SASL_support>`_.
+ -   The KDC listens for TCP connections by default.
+ -   Fix a minor key disclosure vulnerability where using the
+     "keepold" option to the kadmin randkey operation could return the
+     old keys. `[CVE-2014-5351]
+     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5351>`_
+ -   Add client support for the Kerberos Cache Manager protocol. If
+     the host is running a Heimdal kcm daemon, caches served by the
+     daemon can be accessed with the KCM: cache type.
+ -   When built on OS X 10.7 and higher, use "KCM:" as the default
+     cachetype, unless overridden by command-line options or
+     krb5-config values.
+ -   Add support for doing unlocked database dumps for the DB2 KDC
+     back end, which would allow the KDC and kadmind to continue
+     accessing the database during lengthy database dumps.
 
 `Pre-authentication mechanisms`