1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
|
Major projects:
1. Run a V5 KDC on the master KDC.
* audit code in v4 kadmind server
* convert syslog -> log (to real file)
* save versus deletion of rcache file
2. API changes
DONE * context changes (mostly done)
DONE * narrow types (done)
DONE * get_in_tkt for salt support, multi encryption
DONE * keytab lookup (for multi-encryption)
DONE * oracle forwarding support
3. Multi-encryption support
DONE * kdb5_edit support (show princal, set attributes)
DONE * test DES-MD5
DONE * make DES-MD5 default, fall back to DES-CRC
4. Better Kerberos Database
* Design encoders/decoders
5. Configuration file
DONE * write configuration file library
6. Misc Cleanup
* check file vs stdio ccache code; replace file code with stdio
* rewrite rcache code
DONE * fold in krb4 library
DONE * kdc support automatic fallback (done)
* DES glue code rewrite
* don't need NEED_SYS_FCNTL.H; just always include <fnctl.h>
* utmp configure cleanup
* telnet portability
* CONFIG_RULES should include more standard rules (WITH_KRB4, etc.)
stuff that's in every single configure.in file.
* klist and kdestroy drags in the entire libcrypto library
unnecessarily; this is because init_ctx references
krb5_csarray (via valid_etype) and
krb5_max_crypto_system, which drags in cryptoconf.c
7. Future development
* support for realm name changes
* telnet rsh support
8. New applications
* POP
* FTP
9. Kadmin
DONE * Password changing protocol.
10. Install Cleanup
* krb5.h still #include's the com_err error include files. krb5.h
should be constructed from krb5.hin, and those include
files should be inlined, so that we only need to
install the single krb5.h file.
* We shouldn't be installing into /krb5. Should use the Gnu
coding standard prefix and exec_prefic setup, with the
kerberos database living in /prefix/lib/kdb5. (People
can symlink that off to another partition if they feel
the need.)
-----------------------------------------------------
OLD TODO ITEMS (to be vetted later)
needed before beta4-patch2:
940802 stdargs/varargs breakage of ksu under SunOS
not-quite-critical bug fixes:
940808 Support for DES-MD5
940802 double-check telnet problems, e.g. solaris pty grabbing
940802 rethink using compile check for fopen() binary mode
future development:
940808 check file vs stdio ccache code; replace file code with stdio
940808 rewrite rcache code
940808 fold in krb4 library
940808 memory ccache
940808 support for realm name changes
940808 configuration file for krb5 clients to replace compile-time
constants
cleanup for later:
940802 realloc lossage made more reasonable; requires a compile
and run type of check, then use REALLOC everywhere, #defined
to check if argument is NULL first, if realloc(NULL) returns
NULL. This is to guard against lossage like SunOS.
940802 yank isode from tree, insert tcl subset
940802 sanity check API doc
940802 deja gnu, testing framework
940808 make depend
940808 make sure we're using $(MAKE) everywhere
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
OLD TODO LIST. To be vetted later....
look at sandia changes (contact gmachin@somnet.sandia.gov):
admin server
BSD applications
kdc/v4 changes
specific coding items:
----------------------
new protocol revision
telnet client address checking (hard to get hold of the addr?)
uuserver adds a ticket to the credentials cache each time it runs,
even if the client is using the same ticket.
KDC bulletproofing (after beta)
KDC statistic gathering (after beta)
admin server (after beta)
applications
nfs
discuss (?)
X11
realm "quality" code and/or hooks (tytso) (after beta?)
alloca/tempalloc (after beta)
test suites (after beta)
KDC transited field comma quoting
verify that memcpy/memcmp is in use for principal names
Make sure that all comparisons of principal components (realms, etc.)
use memcmp instead of strcmp --- principal components can have nulls
in them! (Don't blame me, blame OSI!)
--> kdc realm transiting
code boiling between scc_ and fcc_ (after beta)
remove 32 bit dependencies (esp. in md4 and md5) (after beta)
documentation issues:
--------------------
manual pages (programs, library)
Manual pages for appl/bsd need to be fixed!!!!
what we depend on in the system (kprop, kdc: sockets; etc)
build/installation doc:
document expected "warnings", how to build it, configuration options
picking up ss, com_err, makedepend, imake separately
unifdef: ftp.uu.net:/bsd-sources/pgrm/unifdef/
operation doc
interrealm gotchas
RFC
DES bit ordering
ap_rep vs. subsession keys
assign "no meaning" #s for others?
byte-wise comparison for principal names
DER, "Zulu" format timestamps
bug list
testing issues:
--------------
mprof/mnemosyne
error paths
DCE interoperability
----------------------------------------------------------------
library name problems: with shared libraries cryptoconf.o can't be
replaced. Change docs to require static linking.
----------------------------------------------------------------
Document new functions:
krb5_free_address
krb5_append_addresses
krb5_gc_via_2tgt
--------------------------------------------------------------
Bad comment message in KRB5-aux.h (KRB5-types.c should be KRB5_tables.c)
|
