7 add some kind of remote admin protocol
11 configuration control for password expiration
21 Implement RFC1731 and 1734, pop over GSS-API
25 perhaps rsh and rshd should be able to handle the `traditional'
30 error messages when kerberos functions fail
34 should test more stuff
38 there's some room for improvement here.
42 should the KDC use keytabs to store its keys? Then it could use krb5_rd_req.
48 prepend a prefix on all generated symbols
58 process_context_token, display_status, add_cred, inquire_cred_by_mech,
59 export_sec_context, import_sec_context, inquire_names_for_mech, and
60 inquire_mechs_for_name not implemented.
62 get_mic, wrap: always uses the remote_subkey
64 only DES MAC MD5 and DES implemented.
66 wrap and unwrap always uses DES for sealing even if conf is not
69 minor_status is never set
71 init_sec_context: `initiator_cred_handle' and `time_req' ignored.
73 input channel bindings are not supported
75 delegation not implemented
77 anonymous credentials not implemented
83 fix atomic rename of database
87 replay cache not implemented
89 the following encryption types have been implemented: DES-CBC-CRC,
90 DES-CBC-MD4, DES-CBC-MD5
92 supports the following checksums: CRC32, RSA-MD4, RSA-MD5,
93 RSA-MD4-DES, RSA-MD5-DES
95 always generates a new subkey in an authenticator
97 probably leaks memory when errors occur
99 should the sequence numbers be XORed?
101 encryption and checksum type is still hardcoded in some places.