(sec_read): more paranoia with return value from sec_get_data

[heimdal.git] / TODO

-*- indented-text -*-

$Id$

* configure

use more careful checking before starting to use berkeley db.  it only
makes sense to do so if we have the appropriate library and the header
file.

* appl

more programs here

** appl/login

/etc/environment etc.

** appl/popper

Implement RFC1731 and 1734, pop over GSS-API

** appl/test

should test more stuff

** appl/rsh

add rcp program

** appl/ftp

* doc

there's some room for improvement here.

* kdc

* kadmin

is in need of a major cleanup

* lib

** lib/asn1

prepend a prefix on all generated symbols

make asn1_compile use enum types where applicable

** lib/auth

PAM

** lib/des

** lib/gssapi

process_context_token, display_status, add_cred, inquire_cred_by_mech,
export_sec_context, import_sec_context, inquire_names_for_mech, and
inquire_mechs_for_name not implemented.

only DES MAC MD5 and DES implemented.

set minor_status in all functions

init_sec_context: `initiator_cred_handle' and `time_req' ignored.

input channel bindings are not supported

delegation not implemented

anonymous credentials not implemented

** lib/hdb

** lib/kadm5

add policies?

fix to use rpc?

** lib/krb5

rewrite the lookup of KDCs to handle kerberos-<n> and not do any DNS
requests if the information can be found locally.  this requires stop
using krb5_get_krbhst.

the replay cache is, in its current state, not very useful

the following encryption types have been implemented: DES-CBC-CRC,
DES-CBC-MD4, DES-CBC-MD5, DES3-CBC-MD5, DES3-CBC-SHA1

supports the following checksums: CRC32, RSA-MD4, RSA-MD5,
RSA-MD4-DES, RSA-MD5-DES, RSA-MD5-DES3, SHA1, HMAC-SHA1-DES3

always generates a new subkey in an authenticator

should the sequence numbers be XORed?

fix pre-authentication with pa-afs3-salt

OTP?

** lib/roken

** lib/sl