From 130bbf6700845c1ad0ceb0205d11e86e96b9fe98 Mon Sep 17 00:00:00 2001 From: Sam Hartman Date: Thu, 1 Nov 2001 19:56:43 +0000 Subject: [PATCH] Sufficiently outdated as to be confusing git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13925 dc483132-0cff-0310-8789-dd5450dbe970 --- src/TODO | 305 ------------------------------------------------------- 1 file changed, 305 deletions(-) delete mode 100644 src/TODO diff --git a/src/TODO b/src/TODO deleted file mode 100644 index 44425fefe..000000000 --- a/src/TODO +++ /dev/null 
@@ -1,305 +0,0 @@ -Major projects: - -0. Update the rest of this file. I think it predates release 1.0! - -1. Run a V5 KDC on the master KDC. - * audit code in v4 kadmind server -DONE * convert syslog -> log (to real file) -DONE * save versus deletion of rcache file (HIGH PRIORITY) -DONE * Use dbm as the default database. (HIGH PRIORITY) -DONE * KDC does not notice new databases after new db loads (HIGH PRIORITY) - * KDC returns wrong starttime if queried too quickly with a TGS req. - after a TGT request. - * v4kadmind: convert syslog -> log (to real file) -DONE * v4kadmind: should store (kvno++ % 256) in database, or there should - be a mechanism in ktutil to query the server for the kvno - because V4 and V5 kvno's have different limits/wraps. - (currently, it is set to store kvno++ % 256) - -2. API changes -DONE * context changes (mostly done) -DONE * narrow types (done) -DONE * get_in_tkt for salt support, multi encryption -DONE * keytab lookup (for multi-encryption) -DONE * oracle forwarding support -DONE * Remove krb5_enctype argument from string_to_key(). (HIGH) - * Functionalize krb5.h (HIGH) - -3. Multi-encryption support -DONE * kdb5_edit support (show princal, set attributes) -DONE * test DES-MD5 -DONE * make DES-MD5 default, fall back to DES-CRC -DONE * DES_CBC_* are not being properly treated. - Requesting one type does not always return a key of the - same type (even if there is another DES key in the db). - -4. Better Kerberos Database -DONE * Design encoders/decoders -DONE * Added keytab routines to access to database. - * A krb5_db_context is necessary for all the db access routines. - Eg put_principal(), get_principal(), etc... - The API on these routines needs to be modified and the - current db_context needs to be removed from the krb5_context - to better support multiple databases/realms. (POST 1.0) - -5. Configuration file -DONE * write configuration file library - -6. 
Misc Cleanup - * check file vs stdio ccache code; replace file code with stdio - * rewrite rcache code -DONE * fold in krb4 library -DONE * kdc support automatic fallback (done) - * DES glue code rewrite -DONE * don't need NEED_SYS_FCNTL.H; just always include - * utmp configure cleanup - * telnet portability -DONE * CONFIG_RULES should include more standard rules (WITH_KRB4, etc.) - stuff that's in every single configure.in file. - * klist and kdestroy drags in the entire libcrypto library - unnecessarily; this is because init_ctx references - krb5_csarray (via valid_etype) and - krb5_max_crypto_system, which drags in cryptoconf.c -DONE * Make kinit not delete the credcache before tickets are - successfully obtained. - * Telnet/rlogin bug --- must do - gethostbyname()/gethostbyaddr() to get a real DNS name - so that we don't get bitten by athena.dialup.mit.edu - and resolvers which shuffle DNS records. (HIGH) - * GSSAPI V2 calls: gss_export_name(), gss_canonicalize_name(), - gss_inquire_mech_for_names() - * GSSAPI mechglue: gss_inquire_cred() not quite right for - default credential. Fix for Mech-Spec names. - * GSSAPI mechglue: gss_acquire_cred is really kinda broken... - Fix for mech-spec names. - * krb5 bugs - -7. Future development - * support for realm name changes (POST 1.0) - * telnet rsh support (POST 1.0) - * Make routines for updating the master key in a database. - Thinking about this I think its easier to have the - routines update the master key and then update every - principal in the database. Doing this will also allow - us to remove the mkvno field saving 2 bytes per entry. -DONE * Fix preauthentication code -DONE * Save the time offset between the kerberos server and the - current host in the credential cache. (Just need to - actually get and save the time.) - * Make a keysalt to salt function that takes keysalt info and - principal and returns a salt. 
- Routines: krb5_keysalt_to_salt(krb5_context, - krb5_keysalt, krb5_principal) - * Implement krb5_cc_remove_cred() (LOW) - * Implement tl_data for server keys supported by the server - for client-server communications. (LOW) - * Add profile entries for (HIGH) - default enctype (and salttype?) list for kinit and AS requests. - default enctype list for TGS requests in krb library - default enctype/salttype list for change password requests. - default enctype for change random key requests. - -8. New applications - * POP (POST 1.0) - * discuss (POST 1.0) -DONE * FTP (POST 1.0?) - * Zephyr (POST 1.0) - * Proper encrypted telnet (POST 1.0) - -9. Kadmin -DONE * Password changing protocol. - * kadmin --- Have ank, ark, cpw, crk use new protocol. (HIGH) - * kadmind (HIGH) - Finish work on modify entry command. - Make sure that db opens log before becoming a daemon. - -10. Install Cleanup -DONE * krb5.h still #include's the com_err error include files. krb5.h - should be constructed from krb5.hin, and those include - files should be inlined, so that we only need to - install the single krb5.h file. -DONE * We shouldn't be installing into /krb5. Should use the Gnu - coding standard prefix and exec_prefic setup, with the - kerberos database living in /prefix/lib/kdb5. (People - can symlink that off to another partition if they feel - the need.) - -11. Testing - * Test the new kdb locking code (HIGH) - * test cross realm authentication (HIGH) - * Test that db key_data crunching of enctypes actually works. (HIGH) - Routines in kdb_cpw.c: add_key_pwd(), add_key_rnd() - Routines in kdb_xdr.c: krb5_dbe_find_enctype() - * Test that krb5_dbm_db_put_principal() doesn't save a krb5_db_entry - with any keys with kvno = 0. (HIGH) - -12. Integration - * Merge in new GSSAPI code from OV. (HIGH) - -13. Post 1.0 items - * Incremental kprop - * Change krb5_enctype and krb5_checksumtype to be unsigned ints. - * Secure Network Key preauthentication. 
- * If configuring with --enable-athena, Athena-environment - setup for login. - ----------------------------------------------------------------------------- -I believe these are done but a double check would be nice. ----------------------------------------------------------------------------- - -Make sure kdb code doesn't save salt type KRB5_KDB_SALTTYPE_NORMAL (0) -into the db. - Routines: krb5_dbekd_decrypt_key_data(), krb5_dbekd_encrypt_key_data() - -Check that dump/restore actually works - Each entry needs to have a version, length, and each integer entry - needs to be saved with a hexidecimal encoding. The principals should - use parse/unparse routines. (Paul did the work but nobody has checked it) - - ------------------------------------------------------ - -OLD TODO ITEMS (to be vetted later) - - -needed before beta4-patch2: - -940802 stdargs/varargs breakage of ksu under SunOS - -not-quite-critical bug fixes: - -940802 double-check telnet problems, e.g. solaris pty grabbing -940802 rethink using compile check for fopen() binary mode - -future development: - -940808 check file vs stdio ccache code; replace file code with stdio -940808 rewrite rcache code -940808 fold in krb4 library -940808 support for realm name changes -940808 configuration file for krb5 clients to replace compile-time - constants - -cleanup for later: - -940802 realloc lossage made more reasonable; requires a compile - and run type of check, then use REALLOC everywhere, #defined - to check if argument is NULL first, if realloc(NULL) returns - NULL. This is to guard against lossage like SunOS. -940802 yank isode from tree, insert tcl subset -940802 sanity check API doc -940802 deja gnu, testing framework -940808 make depend -940808 make sure we're using $(MAKE) everywhere - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - -OLD TODO LIST. To be vetted later.... 
- - - -look at sandia changes (contact gmachin@somnet.sandia.gov): - - admin server - - BSD applications - - kdc/v4 changes - -specific coding items: ----------------------- - -new protocol revision - -telnet client address checking (hard to get hold of the addr?) - -uuserver adds a ticket to the credentials cache each time it runs, -even if the client is using the same ticket. - -KDC bulletproofing (after beta) - -KDC statistic gathering (after beta) - -admin server (after beta) - -applications - nfs - discuss (?) - X11 - -realm "quality" code and/or hooks (tytso) (after beta?) - -alloca/tempalloc (after beta) - -test suites (after beta) - -KDC transited field comma quoting - -verify that memcpy/memcmp is in use for principal names -Make sure that all comparisons of principal components (realms, etc.) -use memcmp instead of strcmp --- principal components can have nulls -in them! (Don't blame me, blame OSI!) - --> kdc realm transiting - -code boiling between scc_ and fcc_ (after beta) - -remove 32 bit dependencies (esp. in md4 and md5) (after beta) - -documentation issues: --------------------- - -manual pages (programs, library) - -Manual pages for appl/bsd need to be fixed!!!! - -what we depend on in the system (kprop, kdc: sockets; etc) - -build/installation doc: - document expected "warnings", how to build it, configuration options - picking up ss, com_err, makedepend, imake separately - unifdef: ftp.uu.net:/bsd-sources/pgrm/unifdef/ - - -operation doc - interrealm gotchas - -RFC - DES bit ordering - ap_rep vs. subsession keys - assign "no meaning" #s for others? - byte-wise comparison for principal names - DER, "Zulu" format timestamps - -bug list - -testing issues: --------------- - -mprof/mnemosyne - -error paths - -DCE interoperability - - - - ----------------------------------------------------------------- - -library name problems: with shared libraries cryptoconf.o can't be -replaced. Change docs to require static linking. 
- - ----------------------------------------------------------------- - - -Document new functions: - -krb5_free_address -krb5_append_addresses -krb5_gc_via_2tgt - --------------------------------------------------------------- - -Bad comment message in KRB5-aux.h (KRB5-types.c should be KRB5_tables.c) - -- 2.26.2
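Review bot: The deleted src/TODO still carries entries that are not marked DONE, several tagged HIGH or security-relevant, and the commit message does not say where they are tracked now. Examples from the removed text: "Test that krb5_dbm_db_put_principal() doesn't save a krb5_db_entry with any keys with kvno = 0. (HIGH)" under "11. Testing", "audit code in v4 kadmind server" under item 1, and the old-list note that comparisons of principal components must use memcmp instead of strcmp because components can contain nulls. Before removing the file, confirm that these open items are either resolved or carried over to the bug tracker, and state that in the commit message. "Sufficiently outdated as to be confusing" on its own does not tell a later reader whether the open HIGH items were triaged or simply dropped.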