eaeb092997
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@2490 ec53bebd-3082-4978-b11e-865c3cabbd6b
127 lines
2.2 KiB
Plaintext
127 lines
2.2 KiB
Plaintext
-*- indented-text -*-
|
|
|
|
$Id$
|
|
|
|
* admin
|
|
|
|
add some kind of remote admin protocol
|
|
|
|
** kpasswd
|
|
|
|
send a reply from the server
|
|
|
|
* appl
|
|
|
|
more programs here
|
|
|
|
** appl/rsh
|
|
|
|
forwarding is not implemented at all.
|
|
|
|
perhaps rsh and rshd should be able to handle `traditional'
|
|
rsh-protocol as well.
|
|
|
|
** appl/telnet
|
|
|
|
forwarding not implemented.
|
|
|
|
** appl/test
|
|
|
|
should test more stuff
|
|
|
|
* doc
|
|
|
|
there's some room for improvement here.
|
|
|
|
* kdc
|
|
|
|
implement support for interoperability with kerberos V4.
|
|
|
|
needs a configuration file.
|
|
|
|
the requirement for preauthentication should be configurable.
|
|
|
|
* kuser
|
|
|
|
** kinit
|
|
|
|
misses lots of useful options.
|
|
|
|
should try to give better error messages.
|
|
|
|
* lib
|
|
|
|
** lib/asn1
|
|
|
|
** lib/auth
|
|
|
|
PAM and afskauthlib
|
|
|
|
** lib/des
|
|
|
|
md4, md5, and sha doesn't work on Crays.
|
|
|
|
** lib/editline
|
|
|
|
** lib/error
|
|
|
|
** lib/gssapi
|
|
|
|
acquire_cred, release_cred, process_context_token, context_time,
|
|
display_status, compare_names, export_name, inquire_cred,
|
|
wrap_size_limit, add_cred, inquire_cred_by_mech, export_sec_context,
|
|
import_sec_context, inquire_names_for_mech, inquire_mechs_for_name,
|
|
canonicalize_name, and duplicate_name not implemented.
|
|
|
|
import_name only understands GSS_C_NT_HOSTBASED_SERVICE and
|
|
GSS_C_NO_OID.
|
|
|
|
get_mic, wrap: always uses the remote_subkey
|
|
|
|
only DES MAC MD5 and DES implemented.
|
|
|
|
wrap and unwrap always uses DES for sealing even if conf is not
|
|
requested.
|
|
|
|
minor_status is never set
|
|
|
|
init_sec_context: `initiator_cred_handle' and `time_req' ignored.
|
|
|
|
accept_sec_context: the first principal in the srvtab is always used.
|
|
|
|
accept_sec_context: `acceptor_cred_handle' is ignored.
|
|
|
|
input channel bindings are not supported
|
|
|
|
delegation not implemented
|
|
|
|
anonymous credentials not implemented
|
|
|
|
** lib/hdb
|
|
|
|
implement encryption of database entries and master keys.
|
|
|
|
** lib/krb5
|
|
|
|
replay cache not implemented
|
|
|
|
the following encryption types have been implemented: DES-CBC-CRC,
|
|
DES-CBC-MD4, DES-CBC-MD5
|
|
|
|
supports the following checksums: CRC32, RSA-MD4, RSA-MD5,
|
|
RSA-MD4-DES, RSA-MD5-DES
|
|
|
|
always generates a new subkey in an authenticator
|
|
|
|
probably leaks memory when errors occur
|
|
|
|
should the sequence numbers be XORed?
|
|
|
|
encryption and checksum type is still hardcoded in some places.
|
|
|
|
postdated, renewable, and forwardable tickets are not supported.
|
|
|
|
** lib/roken
|
|
|
|
** lib/sl
|