+++ /dev/null
-Major projects:
-
-0. Update the rest of this file. I think it predates release 1.0!
-
-1. Run a V5 KDC on the master KDC.
- * audit code in v4 kadmind server
-DONE * convert syslog -> log (to real file)
-DONE * save versus deletion of rcache file (HIGH PRIORITY)
-DONE * Use dbm as the default database. (HIGH PRIORITY)
-DONE * KDC does not notice new databases after new db loads (HIGH PRIORITY)
- * KDC returns wrong starttime if queried too quickly with a TGS req.
- after a TGT request.
- * v4kadmind: convert syslog -> log (to real file)
-DONE * v4kadmind: should store (kvno++ % 256) in database, or there should
- be a mechanism in ktutil to query the server for the kvno
- because V4 and V5 kvno's have different limits/wraps.
- (currently, it is set to store kvno++ % 256)
-
-2. API changes
-DONE * context changes (mostly done)
-DONE * narrow types (done)
-DONE * get_in_tkt for salt support, multi encryption
-DONE * keytab lookup (for multi-encryption)
-DONE * oracle forwarding support
-DONE * Remove krb5_enctype argument from string_to_key(). (HIGH)
- * Functionalize krb5.h (HIGH)
-
-3. Multi-encryption support
-DONE * kdb5_edit support (show princal, set attributes)
-DONE * test DES-MD5
-DONE * make DES-MD5 default, fall back to DES-CRC
-DONE * DES_CBC_* are not being properly treated.
- Requesting one type does not always return a key of the
- same type (even if there is another DES key in the db).
-
-4. Better Kerberos Database
-DONE * Design encoders/decoders
-DONE * Added keytab routines to access to database.
- * A krb5_db_context is necessary for all the db access routines.
- Eg put_principal(), get_principal(), etc...
- The API on these routines needs to be modified and the
- current db_context needs to be removed from the krb5_context
- to better support multiple databases/realms. (POST 1.0)
-
-5. Configuration file
-DONE * write configuration file library
-
-6. Misc Cleanup
- * check file vs stdio ccache code; replace file code with stdio
- * rewrite rcache code
-DONE * fold in krb4 library
-DONE * kdc support automatic fallback (done)
- * DES glue code rewrite
-DONE * don't need NEED_SYS_FCNTL.H; just always include <fnctl.h>
- * utmp configure cleanup
- * telnet portability
-DONE * CONFIG_RULES should include more standard rules (WITH_KRB4, etc.)
- stuff that's in every single configure.in file.
- * klist and kdestroy drags in the entire libcrypto library
- unnecessarily; this is because init_ctx references
- krb5_csarray (via valid_etype) and
- krb5_max_crypto_system, which drags in cryptoconf.c
-DONE * Make kinit not delete the credcache before tickets are
- successfully obtained.
- * Telnet/rlogin bug --- must do
- gethostbyname()/gethostbyaddr() to get a real DNS name
- so that we don't get bitten by athena.dialup.mit.edu
- and resolvers which shuffle DNS records. (HIGH)
- * GSSAPI V2 calls: gss_export_name(), gss_canonicalize_name(),
- gss_inquire_mech_for_names()
- * GSSAPI mechglue: gss_inquire_cred() not quite right for
- default credential. Fix for Mech-Spec names.
- * GSSAPI mechglue: gss_acquire_cred is really kinda broken...
- Fix for mech-spec names.
- * krb5 bugs
-
-7. Future development
- * support for realm name changes (POST 1.0)
- * telnet rsh support (POST 1.0)
- * Make routines for updating the master key in a database.
- Thinking about this I think its easier to have the
- routines update the master key and then update every
- principal in the database. Doing this will also allow
- us to remove the mkvno field saving 2 bytes per entry.
-DONE * Fix preauthentication code
-DONE * Save the time offset between the kerberos server and the
- current host in the credential cache. (Just need to
- actually get and save the time.)
- * Make a keysalt to salt function that takes keysalt info and
- principal and returns a salt.
- Routines: krb5_keysalt_to_salt(krb5_context,
- krb5_keysalt, krb5_principal)
- * Implement krb5_cc_remove_cred() (LOW)
- * Implement tl_data for server keys supported by the server
- for client-server communications. (LOW)
- * Add profile entries for (HIGH)
- default enctype (and salttype?) list for kinit and AS requests.
- default enctype list for TGS requests in krb library
- default enctype/salttype list for change password requests.
- default enctype for change random key requests.
-
-8. New applications
- * POP (POST 1.0)
- * discuss (POST 1.0)
-DONE * FTP (POST 1.0?)
- * Zephyr (POST 1.0)
- * Proper encrypted telnet (POST 1.0)
-
-9. Kadmin
-DONE * Password changing protocol.
- * kadmin --- Have ank, ark, cpw, crk use new protocol. (HIGH)
- * kadmind (HIGH)
- Finish work on modify entry command.
- Make sure that db opens log before becoming a daemon.
-
-10. Install Cleanup
-DONE * krb5.h still #include's the com_err error include files. krb5.h
- should be constructed from krb5.hin, and those include
- files should be inlined, so that we only need to
- install the single krb5.h file.
-DONE * We shouldn't be installing into /krb5. Should use the Gnu
- coding standard prefix and exec_prefic setup, with the
- kerberos database living in /prefix/lib/kdb5. (People
- can symlink that off to another partition if they feel
- the need.)
-
-11. Testing
- * Test the new kdb locking code (HIGH)
- * test cross realm authentication (HIGH)
- * Test that db key_data crunching of enctypes actually works. (HIGH)
- Routines in kdb_cpw.c: add_key_pwd(), add_key_rnd()
- Routines in kdb_xdr.c: krb5_dbe_find_enctype()
- * Test that krb5_dbm_db_put_principal() doesn't save a krb5_db_entry
- with any keys with kvno = 0. (HIGH)
-
-12. Integration
- * Merge in new GSSAPI code from OV. (HIGH)
-
-13. Post 1.0 items
- * Incremental kprop
- * Change krb5_enctype and krb5_checksumtype to be unsigned ints.
- * Secure Network Key preauthentication.
- * If configuring with --enable-athena, Athena-environment
- setup for login.
-
-----------------------------------------------------------------------------
-I believe these are done but a double check would be nice.
-----------------------------------------------------------------------------
-
-Make sure kdb code doesn't save salt type KRB5_KDB_SALTTYPE_NORMAL (0)
-into the db.
- Routines: krb5_dbekd_decrypt_key_data(), krb5_dbekd_encrypt_key_data()
-
-Check that dump/restore actually works
- Each entry needs to have a version, length, and each integer entry
- needs to be saved with a hexidecimal encoding. The principals should
- use parse/unparse routines. (Paul did the work but nobody has checked it)
-
-
------------------------------------------------------
-
-OLD TODO ITEMS (to be vetted later)
-
-
-needed before beta4-patch2:
-
-940802 stdargs/varargs breakage of ksu under SunOS
-
-not-quite-critical bug fixes:
-
-940802 double-check telnet problems, e.g. solaris pty grabbing
-940802 rethink using compile check for fopen() binary mode
-
-future development:
-
-940808 check file vs stdio ccache code; replace file code with stdio
-940808 rewrite rcache code
-940808 fold in krb4 library
-940808 support for realm name changes
-940808 configuration file for krb5 clients to replace compile-time
- constants
-
-cleanup for later:
-
-940802 realloc lossage made more reasonable; requires a compile
- and run type of check, then use REALLOC everywhere, #defined
- to check if argument is NULL first, if realloc(NULL) returns
- NULL. This is to guard against lossage like SunOS.
-940802 yank isode from tree, insert tcl subset
-940802 sanity check API doc
-940802 deja gnu, testing framework
-940808 make depend
-940808 make sure we're using $(MAKE) everywhere
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-OLD TODO LIST. To be vetted later....
-
-
-
-look at sandia changes (contact gmachin@somnet.sandia.gov):
-
- admin server
-
- BSD applications
-
- kdc/v4 changes
-
-specific coding items:
-----------------------
-
-new protocol revision
-
-telnet client address checking (hard to get hold of the addr?)
-
-uuserver adds a ticket to the credentials cache each time it runs,
-even if the client is using the same ticket.
-
-KDC bulletproofing (after beta)
-
-KDC statistic gathering (after beta)
-
-admin server (after beta)
-
-applications
- nfs
- discuss (?)
- X11
-
-realm "quality" code and/or hooks (tytso) (after beta?)
-
-alloca/tempalloc (after beta)
-
-test suites (after beta)
-
-KDC transited field comma quoting
-
-verify that memcpy/memcmp is in use for principal names
-Make sure that all comparisons of principal components (realms, etc.)
-use memcmp instead of strcmp --- principal components can have nulls
-in them! (Don't blame me, blame OSI!)
- --> kdc realm transiting
-
-code boiling between scc_ and fcc_ (after beta)
-
-remove 32 bit dependencies (esp. in md4 and md5) (after beta)
-
-documentation issues:
---------------------
-
-manual pages (programs, library)
-
-Manual pages for appl/bsd need to be fixed!!!!
-
-what we depend on in the system (kprop, kdc: sockets; etc)
-
-build/installation doc:
- document expected "warnings", how to build it, configuration options
- picking up ss, com_err, makedepend, imake separately
- unifdef: ftp.uu.net:/bsd-sources/pgrm/unifdef/
-
-
-operation doc
- interrealm gotchas
-
-RFC
- DES bit ordering
- ap_rep vs. subsession keys
- assign "no meaning" #s for others?
- byte-wise comparison for principal names
- DER, "Zulu" format timestamps
-
-bug list
-
-testing issues:
---------------
-
-mprof/mnemosyne
-
-error paths
-
-DCE interoperability
-
-
-
-
-----------------------------------------------------------------
-
-library name problems: with shared libraries cryptoconf.o can't be
-replaced. Change docs to require static linking.
-
-
-----------------------------------------------------------------
-
-
-Document new functions:
-
-krb5_free_address
-krb5_append_addresses
-krb5_gc_via_2tgt
-
---------------------------------------------------------------
-
-Bad comment message in KRB5-aux.h (KRB5-types.c should be KRB5_tables.c)
-
projects / krb5.git / commitdiff