From: Ken Raeburn <raeburn@mit.edu>
Date: Mon, 4 Aug 2008 21:39:10 +0000 (+0000)
Subject: some comments from Love
X-Git-Tag: krb5-1.7-alpha1~540
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=42c753c7976b1192ba5d5279f5d6c0302e18fc8d;p=krb5.git

some comments from Love

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20604 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/doc/iprop-notes.txt b/doc/iprop-notes.txt
index 890efdc1e..8efee36f6 100644
--- a/doc/iprop-notes.txt
+++ b/doc/iprop-notes.txt
@@ -126,3 +126,15 @@ it in debug mode ("-d").  You'll still lose all output from the
 invocation of kdb5_util dump and kprop run out of kadmind.
 
 Other man page updates needed: Anything with new -x options.
+
+Comments from lha:
+
+Verify both client and server are demanding privacy from RPC.
+
+Authorization code in check_iprop_rpcsec_auth is weird.  Check realm
+checking, is it trusting the client realm length?
+
+What will happen if my realm is named "A" and I can get a cross realm
+(though multihop) to ATHENA.MIT.EDU's iprop server?
+
+Why is the ACL not applied before we get to the functions themselves?