HardenedBSD/crypto/heimdal/TODO

108 lines
1.8 KiB
Plaintext
Raw Normal View History

-*- indented-text -*-
2000-02-24 12:07:16 +01:00
$Id: TODO,v 1.40 2000/01/28 04:10:56 assar Exp $
* configure
use more careful checking before starting to use berkeley db. it only
makes sense to do so if we have the appropriate library and the header
file.
* appl
more programs here
** appl/login
/etc/environment etc.
** appl/popper
Implement RFC1731 and 1734, pop over GSS-API
** appl/test
should test more stuff
** appl/rsh
add rcp program
** appl/ftp
* doc
there's some room for improvement here.
* kdc
* kadmin
is in need of a major cleanup
* lib
** lib/asn1
prepend a prefix on all generated symbols
make asn1_compile use enum types where applicable
** lib/auth
PAM
** lib/des
** lib/gssapi
process_context_token, display_status, add_cred, inquire_cred_by_mech,
export_sec_context, import_sec_context, inquire_names_for_mech, and
inquire_mechs_for_name not implemented.
only DES MAC MD5 and DES implemented.
set minor_status in all functions
init_sec_context: `initiator_cred_handle' and `time_req' ignored.
input channel bindings are not supported
delegation not implemented
anonymous credentials not implemented
** lib/hdb
** lib/kadm5
add policies?
fix to use rpc?
** lib/krb5
2000-02-24 12:07:16 +01:00
rewrite the lookup of KDCs to handle kerberos-<n> and not do any DNS
requests if the information can be found locally. this requires stop
using krb5_get_krbhst.
the replay cache is, in its current state, not very useful
the following encryption types have been implemented: DES-CBC-CRC,
DES-CBC-MD4, DES-CBC-MD5, DES3-CBC-MD5, DES3-CBC-SHA1
supports the following checksums: CRC32, RSA-MD4, RSA-MD5,
RSA-MD4-DES, RSA-MD5-DES, RSA-MD5-DES3, SHA1, HMAC-SHA1-DES3
always generates a new subkey in an authenticator
should the sequence numbers be XORed?
fix pre-authentication with pa-afs3-salt
OTP?
** lib/roken
** lib/sl