7 add some kind of remote admin protocol
11 configuration control for password expiration
19 Implement RFC1731 and 1734, pop over GSS-API
23 perhaps rsh and rshd should be able to handle the `traditional'
28 error messages when kerberos functions fail
32 should test more stuff
36 there's some room for improvement here.
40 should the KDC use keytabs to store its keys? Then it could use krb5_rd_req.
46 prepend a prefix on all generated symbols
56 process_context_token, display_status, add_cred, inquire_cred_by_mech,
57 export_sec_context, import_sec_context, inquire_names_for_mech, and
58 inquire_mechs_for_name not implemented.
60 get_mic, wrap: always uses the remote_subkey
62 only DES MAC MD5 and DES implemented.
64 wrap and unwrap always uses DES for sealing even if conf is not
67 minor_status is never set
69 init_sec_context: `initiator_cred_handle' and `time_req' ignored.
71 input channel bindings are not supported
73 delegation not implemented
75 anonymous credentials not implemented
81 fix atomic rename of database
85 replay cache not implemented
87 the following encryption types have been implemented: DES-CBC-CRC,
88 DES-CBC-MD4, DES-CBC-MD5, DES3-CBC-MD5, DES3-CBC-SHA1
90 supports the following checksums: CRC32, RSA-MD4, RSA-MD5,
91 RSA-MD4-DES, RSA-MD5-DES, RSA-MD5-DES3, SHA1, HMAC-SHA1-DES3
93 always generates a new subkey in an authenticator
95 should the sequence numbers be XORed?