January through March 2010

In the first quarter of 2010, the Kerberos Consortium released Kerberos 1.8 with a number of important features requested by our customers and user community. High on the list of features is Crypto Modularity, which was requested by several organizations for government FIPS-140 compliance. This feature allows users to replace our crypto library with their own FIPS-140 compliant library. Another simple (but often overlooked) feature is automatic password lock-out, in which the administrator can tailor the number and frequency of erroneous password entries allowed before a user is automatically locked out. Due to the heavy use of Kerberos in government organizations, another feature added was pre-authentication support. This allows client computers with no previous transactions with the KDC server to bootstrap trust with the KDC by securely establishing the long-term cryptographic key, which is the starting point for the Kerberos authentication protocol. Finally, we have also begun code quality improvements and re-architecting, an undertaking that may take several months.
In addition to Rel 1.8, we have also addressed a number of security vulnerabilities found in our previous Rel 1.7. These improvements addressed numerous bugs reported by the user and developer community. As part of this general effort to improve the security quality of the MIT Kerberos code base, we have also made some design decisions that discourage users from deploying weak cryptographic algorithms (such as DES). The improvements have been announced as Rel. 1.7.1.

October through December 2009

...