-*- indented-text -*-

$Id$

* admin

add some kind of remote admin protocol

** kpasswd

* appl

more programs here

** appl/rsh

forwarding is not implemented at all.

perhaps rsh and rshd should be able to handle `traditional'
  rsh-protocol as well.

** appl/telnet

** appl/test

should test more stuff

* doc

there's some room for improvement here.

* kdc

implement support for interoperability with kerberos V4.

needs a configuration file.

pre-authentication required per principal

* kuser

** kinit

misses lots of useful options.

should try to give better error messages.

* lib

** lib/asn1

prepend a prefix on all generated symbols

** lib/auth

PAM and afskauthlib

** lib/des

md4, md5, and sha doesn't work on Crays.

** lib/editline

** lib/error

** lib/gssapi

acquire_cred, release_cred, process_context_token, context_time,
display_status, compare_names, export_name, inquire_cred,
wrap_size_limit, add_cred, inquire_cred_by_mech, export_sec_context,
import_sec_context, inquire_names_for_mech, inquire_mechs_for_name,
canonicalize_name, and duplicate_name not implemented.

import_name only understands GSS_C_NT_HOSTBASED_SERVICE and
GSS_C_NO_OID.

get_mic, wrap: always uses the remote_subkey

only DES MAC MD5 and DES implemented.

wrap and unwrap always uses DES for sealing even if conf is not
requested.

minor_status is never set

init_sec_context: `initiator_cred_handle' and `time_req' ignored.

accept_sec_context: the first principal in the srvtab is always used.

accept_sec_context: `acceptor_cred_handle' is ignored.

input channel bindings are not supported

delegation not implemented

anonymous credentials not implemented

** lib/hdb

implement encryption of database entries and master keys.

** lib/krb5

replay cache not implemented

the following encryption types have been implemented: DES-CBC-CRC,
DES-CBC-MD4, DES-CBC-MD5

supports the following checksums: CRC32, RSA-MD4, RSA-MD5,
RSA-MD4-DES, RSA-MD5-DES

always generates a new subkey in an authenticator

probably leaks memory when errors occur

should the sequence numbers be XORed?

encryption and checksum type is still hardcoded in some places.

postdated, renewable, and forwardable tickets are not supported.

** lib/roken

** lib/sl