
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@2946 ec53bebd-3082-4978-b11e-865c3cabbd6b
-*- indented-text -*-

$Id$

* admin

add some kind of remote admin protocol

allow changing of all fields with kdb_edit

* kpasswdd

configuration control for password expiration

* appl

more programs here

verify that all callers of krb5_rd_req set addresses in auth_context

verify that all callers of krb5_rd_req and krb5_recvauth send in a `server'

** appl/popper

Implement RFC1731 and 1734, pop over GSS-API

** appl/rsh

perhaps rsh and rshd should be able to handle the `traditional'
rsh-protocol as well.

** appl/telnet

error messages when kerberos functions fail

** appl/test

should test more stuff

* doc

there's some room for improvement here.

* kdc

should the KDC use keytabs to store its keys? Then it could use krb5_rd_req.

* lib

** lib/asn1

prepend a prefix on all generated symbols

** lib/auth

PAM and afskauthlib

** lib/des

md4, md5, and sha don't work on Crays.

** lib/gssapi

acquire_cred, release_cred, process_context_token, context_time,
display_status, compare_names, export_name, inquire_cred,
wrap_size_limit, add_cred, inquire_cred_by_mech, export_sec_context,
import_sec_context, inquire_names_for_mech, inquire_mechs_for_name,
canonicalize_name, and duplicate_name not implemented.

import_name only understands GSS_C_NT_HOSTBASED_SERVICE and
GSS_C_NO_OID.

get_mic, wrap: always uses the remote_subkey

only DES MAC MD5 and DES implemented.

wrap and unwrap always use DES for sealing even if conf is not
requested.

minor_status is never set

init_sec_context: `initiator_cred_handle' and `time_req' ignored.

accept_sec_context: the first principal in the srvtab is always used.

accept_sec_context: `acceptor_cred_handle' is ignored.

input channel bindings are not supported

delegation not implemented

anonymous credentials not implemented

** lib/hdb

fix encryption of database entries and master keys.

fix locking

fix atomic rename of database

** lib/krb5

replay cache not implemented

the following encryption types have been implemented: DES-CBC-CRC,
DES-CBC-MD4, DES-CBC-MD5

supports the following checksums: CRC32, RSA-MD4, RSA-MD5,
RSA-MD4-DES, RSA-MD5-DES

always generates a new subkey in an authenticator

probably leaks memory when errors occur

should the sequence numbers be XORed?

encryption and checksum type is still hardcoded in some places.

implement krb5_sname_sock_to_principal (or some better name)?

krb5_recvauth: set addresses in auth_context if there aren't any

wait for error before generating preauthentication

pa-afs3-salt?

OTP?

** lib/roken

** lib/sl