upvote

points

by ptx10 hours ago |
comments
upvoteby cryptonector3 hours ago|
next
[-]
Because we (Heimdal) need to make a release, darn it. I'm going to cut an 8.0 beta within a week or two.

Basically, an 8.0 release is super pent up -- years. It's got lots of very necessary stuff, including support for the extended GSS-API "cred store" APIs, which are very handy. Lots of iprop enhancements, "virtual service principal namespaces", "synthetic client principals", lots of PKINIT enhancements, modern public key cryptography (but not PQ), etc.

The issue is that the maintainers (myself included) have been busy with other things. But the pressure to do a release has ramped up significantly recently.

reply
upvoteby lukeh2 hours ago|
parent|
[-]
Also things like support for GSS-API pre-authentication mechanisms (so, you can use an arbitrary security mechanism such as EAP to authenticate yourself to the KDC), the new SAnon mechanism, pulling in some changes from Apple's fork, replacing builtin crypto with OpenSSL, etc. Lack of release has been typical OSS lack of resources: no one is paid to work on Heimdal full time.
reply
upvoteby cryptonector1 hours ago|
parent|
[-]
Oh yeah, it's huge.

Also included are experimental:

- httpkadmind (which together with virtual service principal namespaces makes a very nice keytab orchestration system)

- bx509d (an online CA)

- JWT support for the above

reply
upvoteby p_ing6 hours ago|
prev|
[-]
This [0] may provide a hint. Heimdal was developed outside of the US and not subject to export restrictions, unlike MIT. So perhaps in the beginning it wasn’t the package of choice to begin with.

And this [1] says for interoperability reasons.

[0] https://docs-archive.freebsd.org/doc/11.1-RELEASE/usr/local/...

[1] https://freebsdfoundation.org/project/import-mit-kerberos-in...

reply
upvoteby cryptonector3 hours ago|
parent|
[-]
I don't think that has anything to do with FreeBSD's choice of MIT Kerberos or Heimdal.
reply
upvoteby p_ing2 hours ago|
parent|
[-]
Well, except the FreeBSD Foundation explicitly says MIT was chosen for interoperability.

Are you disputing the FreeBSD Foundation document?

reply
upvoteby cryptonector1 hours ago|
parent|
[-]
Er, sorry, I meant the whole thing about Heimdal being non-U.S. based.
reply