tisdag 3 april 2007

KDIGEST and Heimdal 0.8 release process

In the last few days me and Klas have worked on improving the KDC digest stuff. It will be used together with Radiator to provide 802.1X/EAPOL login at Stockholm University. The interface now supports CHAP, MS-CHAP-V2 and SASL DIGEST-MD5 in addition to the NTLM versions. The only new system is MS-CHAP-V2 but I also changed the digest protocol from experience from the NTLM work.

Heimdal 0.8 release is progressing nicely (wrote code 22 out of 31 days in January), there is not much I feel needs to be fixed before the release and I've been working on portability fixes in addition to the KDIGEST work since the heimdal 0.8 branch was cut. There is some new functionallity on the HEAD that wont be in 0.8 release, like the Kerberos PRF, mainly because there have been no interop testing. That how valueable test vectors in RFCs are.

The info manual pages have been cleaned up and now they are generated each night for the diffrent branches that I maintain. hx509 needs some more text but is a good start, I'm starting to get concerted about the complexity of the hxtool issue-certificate tool, its should be simpler that it is but the X.509 folks have just dreamed up too many options and features. The manual pages (formated in mdoc) still needs to htmlized and published on the web, but that will have to wait util I find a good way to do it (ie part of the build system).

After the Heimdal 0.8 release the CVS tree will be converted into subversion tree and moved to Stockholm University and IT och Media, but because CVS is so bad for us, its mainly because of that subversion is faster to use for large repositories. I can't feel that changing to subversion is a downgrade, subversion doesn't give me O(1) time sandboxes (it provides O(1) branches, that doesn't help me, still need to check out the tree). I want to have a source code revision system, not a revisioned filesystem. Anyway, subversion will have to do for now.