Heimdal Status Report Jeffrey Altman 26 March 2014.

Slides:

Advertisements

Similar presentations

1 IST 410/420 Software Version Control 2 DevelopmentIntegration Test System Test User Acceptance Testing ProductionArchive DEVELOPMENTUSERS - Developers.

Advertisements

Kerberos 5 at DESY Andreas Haupt Wolfgang Friebel.

Security Protocols Sathish Vadhiyar Sources / Credits: Kerberos web pages and documents contained / pointed.

SCSC 455 Computer Security

Branching, Switching and tagging Francesco Furfari CNR-ISTI Italy.

Warren Jones, Fluke Co., Eugene Kramer, Remedy Co. Introduction to CVS 1999 Concurrent Versions System Overview of CVS architecture. Repository structure.

Windows Server 2008 Kerberos Michiko Short Program Manager Microsoft Corporation.

Windows 2000 Kerberos Interoperability Paul Hill Co-Leader, Kerberos Development Team MIT John Brezak Program Manager Windows 2000 Security Microsoft.

James Johnson. What is it?  A system of authenticating securely over open networks  Developed by MIT in 1983  Based on Needham-Schroeder Extended to.

Password? CLASP Project Update C5 Meeting, 16 June 2000 Denise Heagerty, IT/IS.

WIN.MIT.EDU  Where are we today  Related services  Current enhancements  Some future enhancements  SharePoint  Panel Discussion.

Revision Control Systems Amin Tootoonchian Kian Mirjalali.

Kerberos and PKI Cooperation Daniel Kouřil, Luděk Matyska, Michal Procházka Masaryk University AFS & Kerberos Best Practices Workshop 2006.

Version Control What it is and why you want it. What is Version Control? A system that manages changes to documents, files, or any other stored information.

ACCESS CONTROL MANAGEMENT Project Progress (as of March 3) By: Poonam Gupta Sowmya Sugumaran.

1 SVN – Tool for Version Control Talal Ahmed ( ) Ali Ahsan ( ) Adil Zia Khan ( ) Farid Ullah ( )

Kerberos: A Network Authentication Tool Seth Orr University of Missouri – St. Louis CS 5780 System Administration.

By Steven Campbell and Erik Boone.  Sharing projects by putting them into a central repository.  Checking out copies of projects from the repository.

TAM STE Series 2008 © 2008 IBM Corporation WebSEAL SSO, Session 108/2008 TAM STE Series WebSEAL SSO, Session 1 Presented by: Andrew Quap.

AFS & Kerberos Best Practices Workshop 2008 Design Goals Functions that require authentication Solution Space Kerberos, GSSAPI or SASL (Decide on your.

Craig Berntson Chief Software Gardener Mojo Software Worx Branches and Merges are Bears, Oh My!

9/10/20151 Hyperion Enterprise 6.5 New Features & Functionality Robert Cybulski, CPA Finit Solutions.

Software Engineering Modern Approaches

What’s new in Stack 3.2 Michael Youngstrom. Disclaimer This IS a presentation – So sit back and relax Please ask questions.

CTP Migration. Overview and Background Release Process JP generates a new release of CTP. This could be based off CIP request, or other user of CTP. CIP.

S/MIME Freeware Library IETF S/MIME WG 13 December 2000 Getronics Government Solutions.

Subversion, an Open Source Version Control System An Introduction.

KX509: Leveraging Kerberos to Obtain Digital Certificates for Web Client Authentication University of Michigan Kevin Coffman Bill Doster.

OpenAFS on Windows: A Status Report Jeffrey Altman The OpenAFS Project 16 October 2012.

Kerberos: An Authentication Service for Open Network Systems Jennifer G. Steiner Clifford Neuman Jeffrey I. Schiller.

Branching. Version Control - Branching A way to write code without affecting the rest of your team Merge branches to integrate your changes.

Kuali Rice – ARC / TRC Update May 18, 2010 Eric Westfall – Kuali Rice Project Manager.

Object-Oriented Analysis & Design Subversion. Contents  Configuration management  The repository  Versioning  Tags  Branches  Subversion 2.

RMS Importer Status MACS Week March 2011 PP b-ABR_RMSImporterStatus Angela Brett RMS Importer Status 1.

Windows NT ® Single Sign On Cross Platform Applications (Part II) John Brezak Program Manager Windows NT Security Microsoft Corporation.

OpenAFS on Windows: A Status Report Jeffrey Altman The OpenAFS Project 26 March 2014.

Kerberos Named after a mythological three-headed dog that guards the underworld of Hades, Kerberos is a network authentication protocol that was designed.

SEC400 UNIX & Kerberos Interop to Achieve Identity Management

OpenAFS for Windows Status Report AFS & Kerberos Best Practice Workshop 2008.

Scaling NT To The Campus Integrating NT into the MIT Computing Environment Danilo Almeida, MIT.

ACCESS CONTROL MANAGEMENT Project Progress (as of March 3) By: Poonam Gupta Sowmya Sugumaran.

Henry B. HotzKerberos 5 Upgrade JPL’s Kerberos 5 Upgrade Henry B. Hotz Jet Propulsion Laboratory California Institute of Technology.

© 2002 IBM Corporation Confidential | Date | Other Information, if necessary June, 2011 Made available under the Eclipse Public License v Mobile.

INFSO-RI Enabling Grids for E-sciencE SCDB C. Loomis / Michel Jouvin (LAL-Orsay) Quattor Tutorial LCG T2 Workshop June 16, 2006.

Team-Oriented Development with CVS and Eclipse Presented June 9, 2004 Manchester Java Users Group Meeting By Gregory C. Larkin.

Kerberos By Robert Smithers. History of Kerberos Kerberos was created at MIT, and was named after the 3 headed guard dog of Hades in Greek mythology Cerberus.

CS425 / CSE424 / ECE428 — Distributed Systems — Fall 2011 Some material derived from slides by Prashant Shenoy (Umass) & courses.washington.edu/css434/students/Coda.ppt.

1 CSE306 Operating Systems Projects CVS/SSH tutorial.

OpenAFS Status Report Cartel 2008 Stanford University.

Are you Ready for Configuration Manager vNext?

Kerberos 5 for DESY Wolfgang Friebel. Sep 20, Useful URL’s K5 protocol: FAQ:

Kerberos in an ISP environment

WinCVS Training è Basic Concepts è Download & Setup è Importing a new module into CVS Repository è Getting new module from CVS è Getting Latest version.

Advanced Authentication Campus-Booster ID: Copyright © SUPINFO. All rights reserved Kerberos.

© 2007 by Michal Dobisek; made available under the EPL v1.0 | EclipseCon 2007 Michal Dobisek, Inside Subversive The Subversion.

Active Directory and NT Kerberos. Introduction to NT Kerberos v5 What is NT Kerberos? How is it different from NTLM NT Kerberos vs MIT Kerberos Delegation.

What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Kerberos is a three-headed dog Available as open source or in supported.

SSSD System Security Services Daemon. 2 Manages communication with centralized identity and authentication stores Provides robust, predictable caching.

SSSD System Security Services Daemon. 2 Manages communication with centralized identity and authentication stores Provides robust, predictable caching.

Kerberos OLC Training What is it? ● A three-headed dog that guards the entrance to Hades. ● A network authentication protocol that also.

Moonshot, in a nutshell SAML IdP Client Server AAA EAP RADIUS.

WIN.MIT.EDU Update Where are we today Related services

Web Development Using ASP .NET

Security Vulnerabilities in RPC (csci5931)

Kerberos in an ISP environment

DSDP Mobile Tools for Java 1

Introduction to the Desktop Version of CIMSpy/CIMdesk (V 2.3)

Branches And Releases Branch for Urgent Bug Branch for Feature A

ARC6 retreat, Umeå, 7-9 November 2018

Presentation transcript:

Heimdal Status Report Jeffrey Altman 26 March 2014

State of the Project 34 contributors in last 12 months 34 contributors in last 12 months –Most in history of the project 127% year over year increase in commits 127% year over year increase in commits Average age of the committers is increasing Average age of the committers is increasing

Heimdal 1.5 Last release 1.5.3; tagged Dec 2012 Last release 1.5.3; tagged Dec patches applied to heimdal-1-5- branch since 42 patches applied to heimdal-1-5- branch since Most important for this audience Most important for this audience –DES exception for AFS service principals –Session key selection changes necessary for rxkad-k5 to work

1.6 is a Major Release New Features New Features Improvements Improvements Bug Fixes Bug Fixes Security Fixes Security Fixes Windows Updates Windows Updates

Features FAST (RFC 6113) FAST (RFC 6113) HDB password history HDB password history Cross-realm key rollover safety Cross-realm key rollover safety LDAP StartTLS LDAP StartTLS DIR cred cache DIR cred cache MIT/Heimdal KDB/HDB migration functionality MIT/Heimdal KDB/HDB migration functionality

Improvements  FILE cred cache improvements  interop bugs (gss_pseudo_random())  New plugin interface model  kinit improvements  Kx509 configuration options

Bug Fixes KDC 1DES session key selection KDC 1DES session key selection –AFS rxkad-k5 compatibility Keytab file descriptor / lock leaks Keytab file descriptor / lock leaks FILE cred cache corruption bugs FILE cred cache corruption bugs GSS PRF+ interop bug GSS PRF+ interop bug TGS client requests failed to ask for renewable, forwardable, proxiable TGS client requests failed to ask for renewable, forwardable, proxiable KDC handling of enterprise principals KDC handling of enterprise principals

Security Fixes kx509 realm-chopping security bug kx509 realm-chopping security bug

Windows Redesign of Side by Side Assembly Redesign of Side by Side Assembly –Plugins must be part of the assembly –Otherwise, internal DLL Version conflicts Public SDK Public SDK –Merge Modules available for third party integration kadmin client provided kadmin client provided MIT KFW 3.2 shim libraries MIT KFW 3.2 shim libraries

What is Missing? libkafs supports neither rxkad-k5 nor rxkad-prf libkafs supports neither rxkad-k5 nor rxkad-prf No FAST OTP implementation No FAST OTP implementation

HEIMDAL STATUS REPORT 2014 EAKC