author | Simo Sorce <ssorce@redhat.com> | 2011-06-08 18:36:34 -0400 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2011-10-12 16:46:36 -0400 |
commit | 8b7eb0424217a7d272c426d82dfe4ee30ac2c096 (patch) | |
tree | 492c2dcdba00b67864c844423c65999186ebcc85 | |
parent | d2e66fb4a449b41077632baf2daf2a86728f9a47 (diff) | |
NO-PUSH: TODO and 2.0->3.0 upgrade notes
-rw-r--r-- | UPGRADES.TODO | 5 |
-rw-r--r-- | daemons/ipa-kdb/TODO | 17 |
2 files changed, 22 insertions, 0 deletions
diff --git a/UPGRADES.TODO b/UPGRADES.TODO new file mode 100644 index 000000000..74074af9c --- /dev/null +++ b/UPGRADES.TODO @@ -0,0 +1,5 @@ +- krb5.conf changes from kldap to ipakdd.so +- dirsrv changes to cn=config for EXTERNAL auth +- krbMkey change of format, from single value to multivalue +- changes to config to start kadmin instead of ipa_kpasswd +- add new schema diff --git a/daemons/ipa-kdb/TODO b/daemons/ipa-kdb/TODO new file mode 100644 index 000000000..5bcdd6ca7 --- /dev/null +++ b/daemons/ipa-kdb/TODO @@ -0,0 +1,17 @@ + +* Handle KRB5_KDB_REQUIRES_PWCHANGE in entry->attributes so that ipa-pwd-extop + can use it too. + +* Change ipa-pwd-extop to be able to properly read a krbMKey with multiple values +* In change_pwd properly handle keepold if mkvno differs + +Pwd change behavior and kadmind/kadmin.local: +* How to detect/allow password changes for users based on ACIs in LDAP ? + CANNOT, Only own password changes will be allowed +* How to allow admin to always change pw but mark the pw as expired ? + NOT via kadmin + +FUTURE: +add code to handle change of masterkey by adding new krbMKey and having +ipa-pwd-extop start a task to re-encode keys. Possibly do that with a special +extended operation. |
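Review bot: In UPGRADES.TODO, the first item names the new module as "ipakdd.so", which does not match the daemons/ipa-kdb directory touched in the same commit; please confirm the file name an administrator will actually put in krb5.conf, since a wrong module name in an upgrade note leaves the KDC unable to load its database backend. The attribute is also spelled "krbMkey" here and "krbMKey" in daemons/ipa-kdb/TODO; pick one spelling. Two items are too thin to act on during an upgrade: "add new schema" should name the schema being added, and the "krbMkey change of format, from single value to multivalue" item should say whether the existing 2.0 value is converted in place and what reads the old format until then.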
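Review bot: In daemons/ipa-kdb/TODO, the "Pwd change behavior and kadmind/kadmin.local" block records decisions ("CANNOT, Only own password changes will be allowed" and "NOT via kadmin") without saying what enforces them, so a reader cannot tell whether kadmind will refuse an admin reset or simply perform it without marking the password expired. Please state the intended enforcement point and link it to the first item, since KRB5_KDB_REQUIRES_PWCHANGE in entry->attributes looks like the mechanism for the expired marking. The "In change_pwd properly handle keepold if mkvno differs" item should say what the expected behaviour is when old keys are encrypted under a different master key version, because the FUTURE section defers re-encoding to a later task. Minor: the new file opens with an empty line, and "krbMKey" is spelled "krbMkey" in UPGRADES.TODO.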