7 add some kind of remote admin protocol
9 allow changing of all fields with kdb_edit
13 configuration control for password expiration
21 Implement RFC1731 and 1734, pop over GSS-API
25 perhaps rsh and rshd should be able to handle the `traditional'
30 error messages when kerberos functions fail
34 should test more stuff
38 there's some room for improvement here.
42 should the KDC use keytabs to store its keys? Then it could use krb5_rd_req.
48 prepend a prefix on all generated symbols
56 md4, md5, and sha doesn't work on Crays.
60 acquire_cred, release_cred, process_context_token, context_time,
61 display_status, compare_names, export_name, inquire_cred,
62 wrap_size_limit, add_cred, inquire_cred_by_mech, export_sec_context,
63 import_sec_context, inquire_names_for_mech, inquire_mechs_for_name,
64 canonicalize_name, and duplicate_name not implemented.
66 import_name only understands GSS_C_NT_HOSTBASED_SERVICE and
69 get_mic, wrap: always uses the remote_subkey
71 only DES MAC MD5 and DES implemented.
73 wrap and unwrap always uses DES for sealing even if conf is not
76 minor_status is never set
78 init_sec_context: `initiator_cred_handle' and `time_req' ignored.
80 accept_sec_context: the first principal in the srvtab is always used.
82 accept_sec_context: `acceptor_cred_handle' is ignored.
84 input channel bindings are not supported
86 delegation not implemented
88 anonymous credentials not implemented
92 fix encryption of database entries and master keys.
96 fix atomic rename of database
100 replay cache not implemented
102 the following encryption types have been implemented: DES-CBC-CRC,
103 DES-CBC-MD4, DES-CBC-MD5
105 supports the following checksums: CRC32, RSA-MD4, RSA-MD5,
106 RSA-MD4-DES, RSA-MD5-DES
108 always generates a new subkey in an authenticator
110 probably leaks memory when errors occur
112 should the sequence numbers be XORed?
114 encryption and checksum type is still hardcoded in some places.
116 wait for error before generating preauthentication