Monday, January 8, 2007

Happy New Year!

It has been many months since this blog has been updated and many wonderful things occurred during the final three months of 2006. 

On the Kerberos front:

On Nov 9th, MIT announced that they want to provide a full-time developer to support Windows development.  As a result, Secure Endpoints Inc. has become a development and support partner.  Secure Endpoints Inc. will continue to enhance Kerberos for Windows and Network Identity Manager as well as issue new releases in conjunction with MIT's Kerberos team.  The primary change is that MIT will no longer be funding Secure Endpoints' efforts.  As a result, Secure Endpoints is reaching out to the broader Kerberos for Windows user community to help support on-going development.

On Nov 30th, MIT Kerberos for Windows 3.1 including Network Identity Manager 1.1.8 was finally released.
Although Network Identity Manager has not changed much on the outside since the KFW 3.0 release, on the inside the changes were dramatic.  A large number of usability issues were addressed and the plug-in interface was improved to support a wider range of functionlity.   KFW 3.1 can be downloaded from MIT:

Development on KFW 3.2 and NIM 1.2 is underway.  Secure Endpoints has posted a development road map including 64-bit Windows support, Vista support, and a wide range of enhancements to the Network Identity Manager user interface.  Financial support from the community is required to sustain the on-going improvements that KFW has received over the last several years.

For OpenAFS for Windows, 2006 was a banner year.  It started off with the 1.4.1 release candidates and ended with the release of 1.5.13.  Throughout those releasesthere were more than 150 improvements to the product.  The most important changes include:
* No more resource leaks within the SMB Server
* Locally managed byte range locks backed by full file locks on the file server
* Improved performance when disconnected from the network
* Improved performance for directory listing
* Improved performance when storing temporary files within AFS
* Improved power management event handling
* Support for file sizes greater than 2GB
* Over quota and disk full errors are now reported
* Significantly improved handling of dirty buffers results in decreased cpu utilization and faster writes
* A Network Identity Manager AFS credential plug-in is provided
* Support for 64-bit Windows
* Support for Microsoft Vista
A summary of the current state of OpenAFS for Windows can be found at as well as the most recent Status Report

Secure Endpoints has published a development road map for OpenAFS for Windows which includes a number of performance improvements to the AFS Client Service as well as a complete set of re-writes of the Explorer Shell integration, the OpenAFS Control Panel, and the development of a Microsoft Management Console for configuring the AFS Client Service.

Finally, perhaps the best surprise for last.  Just before the end of the year the AFS Servers (file, protection, volume, volume database, bos) were made functional once again.  The install wizard has been removed because it made assumptions that no longer hold true, but by manually installing the servers as is done on UNIX, it is now possible to run a cell from a Windows Server.  See the road map for a summary of what still remains to be done.

In 2007, there is much to look forward to.  During the first quarter Secure Endpoints will release a new Network Identity Manager plug-in for obtaining KX509/KCA certificates; and with community support there will be significant releases of both KFW and OpenAFS. 

Mark on your calendar that the next AFS & Kerberos Best Practice Workshop will be held at Stanford during the week of May 7 to 11.  As always full day tutorials will be provided on AFS and Kerberos installation, administration, and maintenance.  This year Secure Endpoints will be providing the Kerberos tutorial.  New this year will be discussion of Kerberos and GSS-API programming practices.

Here's a toast to the accomplishments of 2006 and those that are to come in 2007. 
Happy New Year!!!!