Apache Kerby 1.0.0-RC2 Release Note

105 JIRA issues were resolved and with the following Features and important changes since 1.0.0-RC1:

• 1. Anonymous PKINIT support(BETA): allows a client to obtain anonymous credentials without authenticating as any particular principal.
• 2. Finished token support:
  • Add ability to encrypt and sign using non-RSA keys;
  • Get the verify key for signed JWT token from kdc config;
  • Token issuer must be trusted as one of preconfigured issuers;
  • Add support for decrypting JWT tokens in the KDC.
• 3. PKIX CMS/X509 support.
• 4. BER encoding support.
• 5. Improved the ASN1 framework:
  • Separate Asn1 parser;
  • Support decoding of primitive but constructed encoded types;
  • Allow to define explicit and implicit fields more easily for collection types;
  • Providing an API to use some useful ASN1 functions by consolidating existing utilities
• 6. Dump support for Asn1.
  • provide an ASN1 dumping tool for troubleshooting
• 7. Separate KrbClient, KrbTokenClient, and KrbPkinitClient APIs.