7 add some kind of remote admin protocol
11 configuration control for password expiration
19 Implement RFC1731 and 1734, pop over GSS-API
23 perhaps rsh and rshd should be able to handle the `traditional'
28 error messages when kerberos functions fail
32 should test more stuff
36 there's some room for improvement here.
40 should the KDC use keytabs to store its keys? Then it could use krb5_rd_req.
46 prepend a prefix on all generated symbols
56 process_context_token, display_status, add_cred, inquire_cred_by_mech,
57 export_sec_context, import_sec_context, inquire_names_for_mech, and
58 inquire_mechs_for_name not implemented.
60 get_mic, wrap: always uses the remote_subkey
62 only DES MAC MD5 and DES implemented.
64 wrap and unwrap always uses DES for sealing even if conf is not
67 minor_status is never set
69 init_sec_context: `initiator_cred_handle' and `time_req' ignored.
71 input channel bindings are not supported
73 delegation not implemented
75 anonymous credentials not implemented
79 fix encryption of database entries and master keys.
83 fix atomic rename of database
87 replay cache not implemented
89 the following encryption types have been implemented: DES-CBC-CRC,
90 DES-CBC-MD4, DES-CBC-MD5
92 supports the following checksums: CRC32, RSA-MD4, RSA-MD5,
93 RSA-MD4-DES, RSA-MD5-DES
95 always generates a new subkey in an authenticator
97 probably leaks memory when errors occur
99 should the sequence numbers be XORed?
101 encryption and checksum type is still hardcoded in some places.