2000-01-09 20:58:00 +00:00
|
|
|
-*- indented-text -*-
|
|
|
|
|
2000-02-24 11:07:16 +00:00
|
|
|
$Id: TODO,v 1.40 2000/01/28 04:10:56 assar Exp $
|
2000-01-09 20:58:00 +00:00
|
|
|
|
|
|
|
* configure
|
|
|
|
|
|
|
|
use more careful checking before starting to use berkeley db. it only
|
|
|
|
makes sense to do so if we have the appropriate library and the header
|
|
|
|
file.
|
|
|
|
|
|
|
|
* appl
|
|
|
|
|
|
|
|
more programs here
|
|
|
|
|
|
|
|
** appl/login
|
|
|
|
|
|
|
|
/etc/environment etc.
|
|
|
|
|
|
|
|
** appl/popper
|
|
|
|
|
|
|
|
Implement RFC1731 and 1734, pop over GSS-API
|
|
|
|
|
|
|
|
** appl/test
|
|
|
|
|
|
|
|
should test more stuff
|
|
|
|
|
|
|
|
** appl/rsh
|
|
|
|
|
|
|
|
add rcp program
|
|
|
|
|
|
|
|
** appl/ftp
|
|
|
|
|
|
|
|
* doc
|
|
|
|
|
|
|
|
there's some room for improvement here.
|
|
|
|
|
|
|
|
* kdc
|
|
|
|
|
|
|
|
* kadmin
|
|
|
|
|
|
|
|
is in need of a major cleanup
|
|
|
|
|
|
|
|
* lib
|
|
|
|
|
|
|
|
** lib/asn1
|
|
|
|
|
|
|
|
prepend a prefix on all generated symbols
|
|
|
|
|
|
|
|
make asn1_compile use enum types where applicable
|
|
|
|
|
|
|
|
** lib/auth
|
|
|
|
|
|
|
|
PAM
|
|
|
|
|
|
|
|
** lib/des
|
|
|
|
|
|
|
|
** lib/gssapi
|
|
|
|
|
|
|
|
process_context_token, display_status, add_cred, inquire_cred_by_mech,
|
|
|
|
export_sec_context, import_sec_context, inquire_names_for_mech, and
|
|
|
|
inquire_mechs_for_name not implemented.
|
|
|
|
|
|
|
|
only DES MAC MD5 and DES implemented.
|
|
|
|
|
|
|
|
set minor_status in all functions
|
|
|
|
|
|
|
|
init_sec_context: `initiator_cred_handle' and `time_req' ignored.
|
|
|
|
|
|
|
|
input channel bindings are not supported
|
|
|
|
|
|
|
|
delegation not implemented
|
|
|
|
|
|
|
|
anonymous credentials not implemented
|
|
|
|
|
|
|
|
** lib/hdb
|
|
|
|
|
|
|
|
** lib/kadm5
|
|
|
|
|
|
|
|
add policies?
|
|
|
|
|
|
|
|
fix to use rpc?
|
|
|
|
|
|
|
|
** lib/krb5
|
|
|
|
|
2000-02-24 11:07:16 +00:00
|
|
|
rewrite the lookup of KDCs to handle kerberos-<n> and not do any DNS
|
|
|
|
requests if the information can be found locally. this requires stop
|
|
|
|
using krb5_get_krbhst.
|
|
|
|
|
2000-01-09 20:58:00 +00:00
|
|
|
the replay cache is, in its current state, not very useful
|
|
|
|
|
|
|
|
the following encryption types have been implemented: DES-CBC-CRC,
|
|
|
|
DES-CBC-MD4, DES-CBC-MD5, DES3-CBC-MD5, DES3-CBC-SHA1
|
|
|
|
|
|
|
|
supports the following checksums: CRC32, RSA-MD4, RSA-MD5,
|
|
|
|
RSA-MD4-DES, RSA-MD5-DES, RSA-MD5-DES3, SHA1, HMAC-SHA1-DES3
|
|
|
|
|
|
|
|
always generates a new subkey in an authenticator
|
|
|
|
|
|
|
|
should the sequence numbers be XORed?
|
|
|
|
|
|
|
|
fix pre-authentication with pa-afs3-salt
|
|
|
|
|
|
|
|
OTP?
|
|
|
|
|
|
|
|
** lib/roken
|
|
|
|
|
|
|
|
** lib/sl
|