7 add some kind of remote admin protocol
11 configuration control for password expiration
19 Implement RFC1731 and 1734, pop over GSS-API
23 perhaps rsh and rshd should be able to handle the `traditional'
28 error messages when kerberos functions fail
32 should test more stuff
36 there's some room for improvement here.
40 should the KDC use keytabs to store its keys? Then it could use krb5_rd_req.
44 is in need of a major cleanup
50 prepend a prefix on all generated symbols
60 process_context_token, display_status, add_cred, inquire_cred_by_mech,
61 export_sec_context, import_sec_context, inquire_names_for_mech, and
62 inquire_mechs_for_name not implemented.
64 get_mic, wrap: always uses the remote_subkey
66 only DES MAC MD5 and DES implemented.
68 wrap and unwrap always uses DES for sealing even if conf is not
71 minor_status is never set
73 init_sec_context: `initiator_cred_handle' and `time_req' ignored.
75 input channel bindings are not supported
77 delegation not implemented
79 anonymous credentials not implemented
85 fix atomic rename of database
95 fix addresses when there are no addresses
97 replay cache not implemented
99 the following encryption types have been implemented: DES-CBC-CRC,
100 DES-CBC-MD4, DES-CBC-MD5, DES3-CBC-MD5, DES3-CBC-SHA1
102 supports the following checksums: CRC32, RSA-MD4, RSA-MD5,
103 RSA-MD4-DES, RSA-MD5-DES, RSA-MD5-DES3, SHA1, HMAC-SHA1-DES3
105 always generates a new subkey in an authenticator
107 should the sequence numbers be XORed?