|Reported by:||Fernando de Oliveira||Owned by:||Fernando de Oliveira|
Administrator experience: Add support for accessing KDCs via an HTTPS proxy server using the MS-KKDCP protocol. Add support for hierarchical incremental propagation, where slaves can act as intermediates between an upstream master and other downstream slaves. Add support for configuring GSS mechanisms using /etc/gss/mech.d/*.conf files in addition to /etc/gss/mech. Add support to the LDAP KDB module for binding to the LDAP server using SASL. The KDC listens for TCP connections by default. Fix a minor key disclosure vulnerability where using the "keepold" option to the kadmin randkey operation could return the old keys. [CVE-2014-5351] User experience: Add client support for the Kerberos Cache Manager protocol. If the host is running a Heimdal kcm daemon, caches served by the daemon can be accessed with the KCM: cache type. When built on OS X 10.7 and higher, use "KCM:" as the default cache type, unless overridden by command-line options or krb5-config values. Performance: Add support for doing unlocked database dumps for the DB2 KDC back end, which would allow the KDC and kadmind to continue accessing the database during lengthy database dumps.
Change History (2)
Note: See TracTickets for help on using tickets.