- hcrypto is now thread safe on all platforms and as much as possible
hcrypto now uses the operating system's preferred crypto
implementation ensuring that optimized hardware assisted
implementations of AES-NI are used.
- RFC 6113 Generalized Framework for Kerberos Pre-Authentication
(FAST).
- Hierarchical capath support
- iprop has been revamped to fix a number of race conditions that
could lead to inconsistent replication.
- The KDC process now uses a multi-process model improving resiliency
and performance.
- AES Encryption with HMAC-SHA2 for Kerberos 5
draft-ietf-kitten-aes-cts-hmac-sha2-11
- Moved kadmin and ktutil to /usr/bin
- Stricter fcache checks (see fcache_strict_checking krb5.conf setting)
- Removed legacy applications: ftp, kx, login, popper, push, rcp, rsh,
telnet, xnlock