Because we (Heimdal) need to make a release, darn it. I'm going to cut an 8.0 beta within a week or two.
Basically, an 8.0 release is super pent up -- years. It's got lots of very necessary stuff, including support for the extended GSS-API "cred store" APIs, which are very handy. Lots of iprop enhancements, "virtual service principal namespaces", "synthetic client principals", lots of PKINIT enhancements, modern public key cryptography (but not PQ), etc.
The issue is that the maintainers (myself included) have been busy with other things. But the pressure to do a release has ramped up significantly recently.
Also things like support for GSS-API pre-authentication mechanisms (so, you can use an arbitrary security mechanism such as EAP to authenticate yourself to the KDC), the new SAnon mechanism, pulling in some changes from Apple's fork, replacing builtin crypto with OpenSSL, etc. Lack of release has been typical OSS lack of resources: no one is paid to work on Heimdal full time.
Oh yeah, it's huge.
Also included are experimental:
- httpkadmind (which together with virtual service principal namespaces makes a very nice keytab orchestration system)
- bx509d (an online CA)
- JWT support for the above