OpenBSD-4.6/kerberosV/src/TODO

-*- indented-text -*-

$KTH: TODO,v 1.70 2004/01/05 13:32:01 lha Exp $

* configure

handle readline hiding in readline/readline.h

* appl

** appl/popper

Implement RFC1731 and 1734, pop over GSS-API

* doc

* kdc

* kadmin

make it happy with reading and parsing kdc.conf

is in need of a major cleanup

* kpasswdd

figure out what's the deal with do_sequence and the MIT client

* lib

** lib/asn1

prepend a prefix on all generated symbols

implicit optional CONS types

untag optional


** lib/auth

** lib/auth/sia

PAM

** lib/com_err

write a man-page

** lib/des

make everything work with openssl and make prototypes compatible

** lib/gssapi

anonymous credentials not implemented

gss_acquire_cred(GSS_C_BOTH) with a keytab only, gss_add_cred,
gss_release_cred renders the output_cred_handle broken.

cache delegation credentials to avoid hitting the kdc ?  require time
stampless tickets, and was supported in the recv'ing end with 0.6.1.

flag to look at ok-to-delegate even if GSS_C_DELEG_FLAG was set
(limited to some target domains).

** lib/hdb

** lib/kadm5

add policies?

fix to use rpc?

** lib/krb5

iv for aes

the replay cache is, in its current state, not very useful

OTP?

make checksum/encryption type configuration more realm-specific.

crypto: allow scatter/gather creation of checksums

verify_user: handle non-secure verification failing because of
host->realm mapping

config_file: do it in case-sensitive and/or insensitive

** lib/roken