heimdal/TODO

-*- indented-text -*-

$Id$

* admin

add some kind of remote admin protocol

** kpasswd

* appl

more programs here

** appl/rsh

perhaps rsh and rshd should be able to handle the `traditional'
  rsh-protocol as well.

** appl/telnet

** appl/test

should test more stuff

* doc

there's some room for improvement here.

* kdc

* kuser

** kinit

misses lots of useful options.

should try to give better error messages.

* lib

** lib/asn1

prepend a prefix on all generated symbols

** lib/auth

PAM and afskauthlib

** lib/des

md4, md5, and sha doesn't work on Crays.

** lib/editline

** lib/error

** lib/gssapi

acquire_cred, release_cred, process_context_token, context_time,
display_status, compare_names, export_name, inquire_cred,
wrap_size_limit, add_cred, inquire_cred_by_mech, export_sec_context,
import_sec_context, inquire_names_for_mech, inquire_mechs_for_name,
canonicalize_name, and duplicate_name not implemented.

import_name only understands GSS_C_NT_HOSTBASED_SERVICE and
GSS_C_NO_OID.

get_mic, wrap: always uses the remote_subkey

only DES MAC MD5 and DES implemented.

wrap and unwrap always uses DES for sealing even if conf is not
requested.

minor_status is never set

init_sec_context: `initiator_cred_handle' and `time_req' ignored.

accept_sec_context: the first principal in the srvtab is always used.

accept_sec_context: `acceptor_cred_handle' is ignored.

input channel bindings are not supported

delegation not implemented

anonymous credentials not implemented

** lib/hdb

implement encryption of database entries and master keys.

** lib/krb5

replay cache not implemented

the following encryption types have been implemented: DES-CBC-CRC,
DES-CBC-MD4, DES-CBC-MD5

supports the following checksums: CRC32, RSA-MD4, RSA-MD5,
RSA-MD4-DES, RSA-MD5-DES

always generates a new subkey in an authenticator

probably leaks memory when errors occur

should the sequence numbers be XORed?

encryption and checksum type is still hardcoded in some places.

** lib/roken

** lib/sl