www.kerberos.org © 2007 The MIT Kerberos Consortium. All Rights Reserved.
Update on MIT Kerberos
Tom Yu
MIT Kerberos Consortium
May 21, 2008
Overview
Kerberos Consortium
Ongoing Changes
Release Planning
Kerberos Consortium
Launch event September 27, 2008
Executive Advisory Board
Helps set priorities
Apple, Google, MIT, Microsoft, Sun
Ongoing Changes
New community resources
Wiki for developers – k5wiki.kerberos.org
Source browsers – OpenGrok, FishEye
White papers, tutorials, best practices
Coding style and code review guidelines
More formal procedures
Planning Process Used
For full releases (krb5-x.y)
Community input
Goals
Ranking
Estimates of work
Highest-ranked goals assigned to developers based on resources available
Original krb5-1.7 Goals
• Kerberos Identity Management (KIM) API
• GSS-API enhanced error strings
• Unified Credentials Cache API (CCAPI) on Mac OS X and Windows
• Support for GSS-API mechanism glue (“mechglue”) plug-in modules
• Multi-threading support in KDC
• Logging all ticket requests
• Master key rollover
Revised planning methodology
Understand needs, including time constraints
More emphasis on end users
Timelines focus on time-sensitive items
Board members and Sponsors take priority
Delay release if high-priority items not ready
Defer less time-sensitive items if not ready
Recurring Concerns
• Code quality
• Stability
• Operational issues
  – Incremental propagation
  – Principal referrals
  – Key rollover
Improving Code Quality
Adopt standard coding practices
Identify specific regions/patterns to improve
Use Coverity, etc.
Look for “hot spots”
Legacy code risk – krb4 certainly is!
Proposed New krb5-1.7 Goals
• Incremental propagation support
• Removal of krb4 code
• Kerberos Identity Management (KIM) API
• Improved master key & service key rollover
• Enhanced GSS-API error messages
• Cross-platform CCAPI on Mac and Windows
• Improved client-side & KDC-side referrals
• Collision avoidance for replay cache
• Logging of all ticket requests
Dropped or Deferred
• Multi-threaded KDC – security concerns
• GSS-API “mechglue” plug-in support
krb5-1.7 Release Status
Rough timeline
Branch around Sep. 2008
Release around Dec. 2008
Dates subject to change
Daptiv PPM for project tracking
Completed:
CCAPI for Mac OS X and Windows
GSS-API enhanced error messages