Major projects: 1. Run a V5 KDC on the master KDC. * audit code in v4 kadmind server * convert syslog -> log (to real file) * save versus deletion of rcache file 2. API changes DONE * context changes (mostly done) DONE * narrow types (done) DONE * get_in_tkt for salt support, multi encryption DONE * keytab lookup (for multi-encryption) DONE * oracle forwarding support 3. Multi-encryption support DONE * kdb5_edit support (show princal, set attributes) DONE * test DES-MD5 DONE * make DES-MD5 default, fall back to DES-CRC 4. Better Kerberos Database * Design encoders/decoders 5. Configuration file DONE * write configuration file library 6. Misc Cleanup * check file vs stdio ccache code; replace file code with stdio * rewrite rcache code DONE * fold in krb4 library DONE * kdc support automatic fallback (done) * DES glue code rewrite * don't need NEED_SYS_FCNTL.H; just always include * utmp configure cleanup * telnet portability * CONFIG_RULES should include more standard rules (WITH_KRB4, etc.) stuff that's in every single configure.in file. * klist and kdestroy drags in the entire libcrypto library unnecessarily; this is because init_ctx references krb5_csarray (via valid_etype) and krb5_max_crypto_system, which drags in cryptoconf.c 7. Future development * support for realm name changes * telnet rsh support 8. New applications * POP * FTP 9. Kadmin DONE * Password changing protocol. 10. Install Cleanup * krb5.h still #include's the com_err error include files. krb5.h should be constructed from krb5.hin, and those include files should be inlined, so that we only need to install the single krb5.h file. * We shouldn't be installing into /krb5. Should use the Gnu coding standard prefix and exec_prefic setup, with the kerberos database living in /prefix/lib/kdb5. (People can symlink that off to another partition if they feel the need.) ----------------------------------------------------- OLD TODO ITEMS (to be vetted later) needed before beta4-patch2: 940802 stdargs/varargs breakage of ksu under SunOS not-quite-critical bug fixes: 940808 Support for DES-MD5 940802 double-check telnet problems, e.g. solaris pty grabbing 940802 rethink using compile check for fopen() binary mode future development: 940808 check file vs stdio ccache code; replace file code with stdio 940808 rewrite rcache code 940808 fold in krb4 library 940808 memory ccache 940808 support for realm name changes 940808 configuration file for krb5 clients to replace compile-time constants cleanup for later: 940802 realloc lossage made more reasonable; requires a compile and run type of check, then use REALLOC everywhere, #defined to check if argument is NULL first, if realloc(NULL) returns NULL. This is to guard against lossage like SunOS. 940802 yank isode from tree, insert tcl subset 940802 sanity check API doc 940802 deja gnu, testing framework 940808 make depend 940808 make sure we're using $(MAKE) everywhere %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% OLD TODO LIST. To be vetted later.... look at sandia changes (contact gmachin@somnet.sandia.gov): admin server BSD applications kdc/v4 changes specific coding items: ---------------------- new protocol revision telnet client address checking (hard to get hold of the addr?) uuserver adds a ticket to the credentials cache each time it runs, even if the client is using the same ticket. KDC bulletproofing (after beta) KDC statistic gathering (after beta) admin server (after beta) applications nfs discuss (?) X11 realm "quality" code and/or hooks (tytso) (after beta?) alloca/tempalloc (after beta) test suites (after beta) KDC transited field comma quoting verify that memcpy/memcmp is in use for principal names Make sure that all comparisons of principal components (realms, etc.) use memcmp instead of strcmp --- principal components can have nulls in them! (Don't blame me, blame OSI!) --> kdc realm transiting code boiling between scc_ and fcc_ (after beta) remove 32 bit dependencies (esp. in md4 and md5) (after beta) documentation issues: -------------------- manual pages (programs, library) Manual pages for appl/bsd need to be fixed!!!! what we depend on in the system (kprop, kdc: sockets; etc) build/installation doc: document expected "warnings", how to build it, configuration options picking up ss, com_err, makedepend, imake separately unifdef: ftp.uu.net:/bsd-sources/pgrm/unifdef/ operation doc interrealm gotchas RFC DES bit ordering ap_rep vs. subsession keys assign "no meaning" #s for others? byte-wise comparison for principal names DER, "Zulu" format timestamps bug list testing issues: -------------- mprof/mnemosyne error paths DCE interoperability ---------------------------------------------------------------- library name problems: with shared libraries cryptoconf.o can't be replaced. Change docs to require static linking. ---------------------------------------------------------------- Document new functions: krb5_free_address krb5_append_addresses krb5_gc_via_2tgt -------------------------------------------------------------- Bad comment message in KRB5-aux.h (KRB5-types.c should be KRB5_tables.c)