NetBSD/crypto/dist/heimdal/TODO

-*- indented-text -*-

$Id: TODO,v 1.1.1.1 2000/06/16 18:31:36 thorpej Exp $

* configure

use more careful checking before starting to use berkeley db.  it only
makes sense to do so if we have the appropriate library and the header
file.

* appl

more programs here

** appl/login

/etc/environment etc.

** appl/popper

Implement RFC1731 and 1734, pop over GSS-API

** appl/test

should test more stuff

** appl/rsh

add rcp program

** appl/ftp

* doc

there's some room for improvement here.

* kdc

* kadmin

is in need of a major cleanup

* lib

** lib/asn1

prepend a prefix on all generated symbols

make asn1_compile use enum types where applicable

** lib/auth

PAM

** lib/des

** lib/gssapi

process_context_token, display_status, add_cred, inquire_cred_by_mech,
export_sec_context, import_sec_context, inquire_names_for_mech, and
inquire_mechs_for_name not implemented.

only DES MAC MD5 and DES implemented.

set minor_status in all functions

init_sec_context: `initiator_cred_handle' and `time_req' ignored.

input channel bindings are not supported

delegation not implemented

anonymous credentials not implemented

** lib/hdb

** lib/kadm5

add policies?

fix to use rpc?

** lib/krb5

rewrite the lookup of KDCs to handle kerberos-<n> and not do any DNS
requests if the information can be found locally.  this requires stop
using krb5_get_krbhst.

the replay cache is, in its current state, not very useful

the following encryption types have been implemented: DES-CBC-CRC,
DES-CBC-MD4, DES-CBC-MD5, DES3-CBC-MD5, DES3-CBC-SHA1

supports the following checksums: CRC32, RSA-MD4, RSA-MD5,
RSA-MD4-DES, RSA-MD5-DES, RSA-MD5-DES3, SHA1, HMAC-SHA1-DES3

always generates a new subkey in an authenticator

should the sequence numbers be XORed?

fix pre-authentication with pa-afs3-salt

OTP?

** lib/roken

** lib/sl
Import Heimdal Kerberos 5 from cryptosrc-intl. 2000-06-16 22:31:35 +04:00			`-- indented-text --`

			$Id: TODO,v 1.1.1.1 2000/06/16 18:31:36 thorpej Exp $

			`* configure`

			`use more careful checking before starting to use berkeley db. it only`
			`makes sense to do so if we have the appropriate library and the header`
			`file.`

			`* appl`

			`more programs here`

			`** appl/login`

			`/etc/environment etc.`

			`** appl/popper`

			`Implement RFC1731 and 1734, pop over GSS-API`

			`** appl/test`

			`should test more stuff`

			`** appl/rsh`

			`add rcp program`

			`** appl/ftp`

			`* doc`

			`there's some room for improvement here.`

			`* kdc`

			`* kadmin`

			`is in need of a major cleanup`

			`* lib`

			`** lib/asn1`

			`prepend a prefix on all generated symbols`

			`make asn1_compile use enum types where applicable`

			`** lib/auth`

			`PAM`

			`** lib/des`

			`** lib/gssapi`

			`process_context_token, display_status, add_cred, inquire_cred_by_mech,`
			`export_sec_context, import_sec_context, inquire_names_for_mech, and`
			`inquire_mechs_for_name not implemented.`

			`only DES MAC MD5 and DES implemented.`

			`set minor_status in all functions`

			init_sec_context: `initiator_cred_handle' and `time_req' ignored.

			`input channel bindings are not supported`

			`delegation not implemented`

			`anonymous credentials not implemented`

			`** lib/hdb`

			`** lib/kadm5`

			`add policies?`

			`fix to use rpc?`

			`** lib/krb5`

			`rewrite the lookup of KDCs to handle kerberos-<n> and not do any DNS`
			`requests if the information can be found locally. this requires stop`
			`using krb5_get_krbhst.`

			`the replay cache is, in its current state, not very useful`

			`the following encryption types have been implemented: DES-CBC-CRC,`
			`DES-CBC-MD4, DES-CBC-MD5, DES3-CBC-MD5, DES3-CBC-SHA1`

			`supports the following checksums: CRC32, RSA-MD4, RSA-MD5,`
			`RSA-MD4-DES, RSA-MD5-DES, RSA-MD5-DES3, SHA1, HMAC-SHA1-DES3`

			`always generates a new subkey in an authenticator`

			`should the sequence numbers be XORed?`

			`fix pre-authentication with pa-afs3-salt`

			`OTP?`

			`** lib/roken`

			`** lib/sl`