diff options
| author | Zhanna Tsitkov <tsitkova@mit.edu> | 2012-11-21 14:45:44 -0500 |
|---|---|---|
| committer | Zhanna Tsitkov <tsitkova@mit.edu> | 2012-11-26 13:10:49 -0500 |
| commit | 433329ec97598c14f8b64af3e6be7745501b7142 (patch) | |
| tree | 57f61b16d10157493d83802bc271ac28a81bf2fe /doc/mitK5features.rst | |
| parent | d5aac5c1a010410e79cce4219e618d9ce27d8621 (diff) | |
| download | krb5-433329ec97598c14f8b64af3e6be7745501b7142.tar.gz krb5-433329ec97598c14f8b64af3e6be7745501b7142.tar.xz krb5-433329ec97598c14f8b64af3e6be7745501b7142.zip | |
Update feature list in the documentation
In Quick facts section:
- restructure the Supported platforms section;
- do not tie KfW to 1.11 release;
- move references to GSS-API extensions to Feature list table.
In Feature list section:
- reformat the table;
- move PRNG and Pre-auth mechanisms into their own tables;
- clarify GS2 feature description;
- reference rfc6680 for GSS-API naming extensions.
Lowercase the words in the title of the document.
ticket: 7455
Diffstat (limited to 'doc/mitK5features.rst')
| -rw-r--r-- | doc/mitK5features.rst | 160 |
1 files changed, 83 insertions, 77 deletions
diff --git a/doc/mitK5features.rst b/doc/mitK5features.rst index 9da9133060..97e031b9c4 100644 --- a/doc/mitK5features.rst +++ b/doc/mitK5features.rst @@ -2,7 +2,7 @@ .. _mitK5features: -MIT Kerberos Features +MIT Kerberos features ===================== http://web.mit.edu/kerberos @@ -11,38 +11,33 @@ http://web.mit.edu/kerberos Quick facts ----------- - ====================================================== ======================================= ============================================================================= - License :ref:`mitK5license` - Latest stable version http://web.mit.edu/kerberos/krb5-1.10/ - Supported versions http://web.mit.edu/kerberos/krb5-1.9/ - Release cycle 9 - 12 months - Supported platforms/OS distributions Solaris - - SPARC - - x86_64/x86 - GNU/Linux - - Debian x86_64/x86 - - Ubuntu x86_64/x86 - - RedHat x86_64/x86 - BSD - - NetBSD x86_64/x86 - Windows 7, Vista, XP KFW 4.0 - available 1.11+ - Crypto backends - OpenSSL 1.0\+ - http://www.openssl.org - - builtin - MIT Kerberos native crypto library - - NSS 3.12.9\+ - Mozilla's Network Security Services. - http://www.mozilla.org/projects/security/pki/nss - Database backends - LDAP - - DB2 - krb4 support < 1.8 - DES support configurable http://k5wiki.kerberos.org/wiki/Projects/Disable_DES - GSS-API S4U extensions 1.8+ http://msdn.microsoft.com/en-us/library/cc246071 - - S4U2Self - - S4U2Proxy - GSS-API naming extensions 1.8+ http://tools.ietf.org/html/draft-ietf-kitten-gssapi-naming-exts-11 - - GSS-API extensions for storing delegated credentials 1.8+ :rfc:`5588` - - ====================================================== ======================================= ============================================================================= - + ========================================= ========================== ==================================================================== + License :ref:`mitK5license` + Latest stable version http://web.mit.edu/kerberos/krb5-1.10/ + Supported versions http://web.mit.edu/kerberos/krb5-1.9/ + Release cycle 9 - 12 months + Supported platforms \/ OS distributions Windows (KfW 4.0) + - Windows 7 + - Vista + - XP + Solaris + - SPARC + - x86_64/x86 + GNU/Linux + - Debian x86_64/x86 + - Ubuntu x86_64/x86 + - RedHat x86_64/x86 + BSD + - NetBSD x86_64/x86 + Crypto backends - builtin - MIT Kerberos native crypto library + - OpenSSL 1.0\+ - http://www.openssl.org + - NSS 3.12.9\+ - Mozilla's Network Security Services \ + http://www.mozilla.org/projects/security/pki/nss + Database backends - LDAP + - DB2 + krb4 support < 1.8 + DES support configurable http://k5wiki.kerberos.org/wiki/Projects/Disable_DES + ========================================= ========================== ==================================================================== Interoperabiity --------------- @@ -81,7 +76,7 @@ Starting from version 1.7: Starting from version 1.8: -* Microsoft Services for User (S4U) compatibility` +* Microsoft Services for User (S4U) compatibility Heimdal @@ -93,49 +88,60 @@ Heimdal Feature list ------------ - =============================================== =========== ============================================ - \ Available Additional information - =============================================== =========== ============================================ - Credentials delegation 1.7 :rfc:`5896` - Cross-realm authentication and referrals 1.7 http://tools.ietf.org/html/draft-ietf-krb-wg-kerberos-referrals-12 - Master key migration 1.7 http://k5wiki.kerberos.org/wiki/Projects/Master_Key_Migration - PKINIT 1.7 :rfc:`4556` - Anonymous PKINIT 1.8 :rfc:`6112` http://k5wiki.kerberos.org/wiki/Projects/Anonymous_pkinit - Constrained delegation 1.8 http://k5wiki.kerberos.org/wiki/Projects/ConstrainedDelegation - IAKERB 1.8 http://tools.ietf.org/html/draft-ietf-krb-wg-iakerb-02 - Heimdal bridge plugin for KDC backend 1.8 - Advance warning on password expiry 1.9 - Camellia encryption (CTS-CMAC mode) 1.9 http://tools.ietf.org/html/draft-ietf-krb-wg-camellia-cts-02 - KDC support for SecurID preauthentication 1.9 http://k5wiki.kerberos.org/wiki/Projects/SecurID_SAM_support - kadmin over IPv6 1.9 - Trace logging 1.9 http://k5wiki.kerberos.org/wiki/Projects/Trace_logging + ===================================================== ========= ============================================ + \ Available Additional information + ===================================================== ========= ============================================ + Credentials delegation 1.7 :rfc:`5896` + Cross-realm authentication and referrals 1.7 http://tools.ietf.org/html/draft-ietf-krb-wg-kerberos-referrals-12 + Master key migration 1.7 http://k5wiki.kerberos.org/wiki/Projects/Master_Key_Migration + PKINIT 1.7 :rfc:`4556` + Anonymous PKINIT 1.8 :rfc:`6112` http://k5wiki.kerberos.org/wiki/Projects/Anonymous_pkinit + Constrained delegation 1.8 http://k5wiki.kerberos.org/wiki/Projects/ConstrainedDelegation + IAKERB 1.8 http://tools.ietf.org/html/draft-ietf-krb-wg-iakerb-02 + Heimdal bridge plugin for KDC backend 1.8 + GSS-API S4U extensions 1.8 http://msdn.microsoft.com/en-us/library/cc246071 + GSS-API naming extensions 1.8 :rfc:`6680` + GSS-API extensions for storing delegated credentials 1.8 :rfc:`5588` + Advance warning on password expiry 1.9 + Camellia encryption (CTS-CMAC mode) 1.9 http://tools.ietf.org/html/draft-ietf-krb-wg-camellia-cts-02 + KDC support for SecurID preauthentication 1.9 http://k5wiki.kerberos.org/wiki/Projects/SecurID_SAM_support + kadmin over IPv6 1.9 + Trace logging 1.9 http://k5wiki.kerberos.org/wiki/Projects/Trace_logging GSSAPI/KRB5 multi-realm support - Plugin to test password quality 1.9 http://k5wiki.kerberos.org/wiki/Projects/Password_quality_pluggable_interface - Plugin to synchronize password changes 1.9 - Parallel KDC 1.9 - GS2 1.9 :rfc:`5801` :rfc:`5587` http://k5wiki.kerberos.org/wiki/Projects/GS2 - Purging old keys 1.9 - Naming extensions for delegation chain 1.9 - Password expiration API 1.9 - Windows client support (build-only) 1.9 - pre-auth mechanisms: - - PW-SALT :rfc:`4120#section-5.2.7.3` - - ENC-TIMESTAMP :rfc:`4120#section-5.2.7.2` - - SAM-2 - - FAST negotiation framework 1.8 :rfc:`6113` - - PKINIT with FAST on client 1.10 :rfc:`6113` - - PKINIT :rfc:`4556` - - FX-COOKIE :rfc:`6113#section-5.2` - - S4U-X509-USER 1.8 http://msdn.microsoft.com/en-us/library/cc246091 - - PRNG - - modularity: 1.9 - - Yarrow PRNG < 1.10 - - Fortuna PRNG 1.9 http://www.schneier.com/book-practical.html - - OS PRNG 1.10 OS's native PRNG + Plugin to test password quality 1.9 http://k5wiki.kerberos.org/wiki/Projects/Password_quality_pluggable_interface + Plugin to synchronize password changes 1.9 + Parallel KDC 1.9 + GSS-API extentions for SASL GS2 bridge 1.9 :rfc:`5801` :rfc:`5587` http://k5wiki.kerberos.org/wiki/Projects/GS2 + Purging old keys 1.9 + Naming extensions for delegation chain 1.9 + Password expiration API 1.9 + Windows client support (build-only) 1.9 Zero configuration IPv6 support in iprop - Plugin interface for configuration 1.10 http://k5wiki.kerberos.org/wiki/Projects/Pluggable_configuration - Credentials for multiple identities 1.10 http://k5wiki.kerberos.org/wiki/Projects/Client_principal_selection - =============================================== =========== ============================================ - + Plugin interface for configuration 1.10 http://k5wiki.kerberos.org/wiki/Projects/Pluggable_configuration + Credentials for multiple identities 1.10 http://k5wiki.kerberos.org/wiki/Projects/Client_principal_selection + ===================================================== ========= ============================================ + +\ + Pre-auth mechanisms + + ============================= ======= ==================================================== + PW-SALT :rfc:`4120#section-5.2.7.3` + ENC-TIMESTAMP :rfc:`4120#section-5.2.7.2` + SAM-2 + FAST negotiation framework 1.8 :rfc:`6113` + PKINIT with FAST on client 1.10 :rfc:`6113` + PKINIT :rfc:`4556` + FX-COOKIE :rfc:`6113#section-5.2` + S4U-X509-USER 1.8 http://msdn.microsoft.com/en-us/library/cc246091 + ============================= ======= ==================================================== + +\ + PRNG + + =============== ========= ============================================== + modularity 1.9 + Yarrow PRNG < 1.10 + Fortuna PRNG 1.9 http://www.schneier.com/book-practical.html + OS PRNG 1.10 OS's native PRNG + =============== ========= ============================================== |