NetBSD-5.0.2/crypto/dist/heimdal/TODO

-*- indented-text -*-

$Id: TODO,v 1.2 2008/03/22 08:36:49 mlelstv Exp $

* configure

handle readline hiding in readline/readline.h

* appl

** appl/popper

Add security layer to pop over GSS-API

* doc

* kdc

* kadmin

is in need of a major cleanup

* kpasswdd

figure out what's the deal with do_sequence and the MIT client

* lib

** lib/asn1

prepend a prefix on all generated symbols

implicit optional CONS types

** lib/auth

** lib/auth/sia

PAM

** lib/com_err

** lib/des

** lib/gssapi

anonymous credentials not implemented

gss_acquire_cred(GSS_C_BOTH) with a keytab only, gss_add_cred,
gss_release_cred renders the output_cred_handle broken.

cache delegation credentials to avoid hitting the kdc ?  require time
stampless tickets, and was supported in the recv'ing end with 0.6.1.

flag to look at ok-to-delegate even if GSS_C_DELEG_FLAG was set
(limited to some target domains).

** lib/hdb

** lib/kadm5

add policies?

fix to use rpc?

** lib/krb5

the replay cache is, in its current state, not very useful

OTP?

make checksum/encryption type configuration more realm-specific.

crypto: allow scatter/gather creation of checksums

verify_user: handle non-secure verification failing because of
host->realm mapping

config_file: do it in case-sensitive and/or insensitive

** lib/roken