summaryrefslogtreecommitdiff
path: root/source4/auth
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2005-10-01 01:19:12 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:39:16 -0500
commit3223cd45ee02b1395e2295d5e5afa996a10ae8d1 (patch)
tree6cdd493d94e47788708f5b1e8ec34b05320e4c52 /source4/auth
parent69c7cd98ce8d2e529ce764a37a3b9b2a9d1917f7 (diff)
downloadsamba-3223cd45ee02b1395e2295d5e5afa996a10ae8d1.tar.gz
samba-3223cd45ee02b1395e2295d5e5afa996a10ae8d1.tar.bz2
samba-3223cd45ee02b1395e2295d5e5afa996a10ae8d1.zip
r10670: Add notes on things that are TODO in Samba4 kerberos land.
Andrew Bartlett (This used to be commit 5b2114bb9c604e8d36887e1131175da327eabc84)
Diffstat (limited to 'source4/auth')
-rw-r--r--source4/auth/kerberos/kerberos-notes.txt46
1 files changed, 46 insertions, 0 deletions
diff --git a/source4/auth/kerberos/kerberos-notes.txt b/source4/auth/kerberos/kerberos-notes.txt
index 3b2989eee1..a36bf556aa 100644
--- a/source4/auth/kerberos/kerberos-notes.txt
+++ b/source4/auth/kerberos/kerberos-notes.txt
@@ -374,3 +374,49 @@ DNS lookups on names without a . in them. This should avoid some
delay and root server load.
+Kerberos TODO
+=============
+
+(Feel free to contribute to any of these tasks, or ask
+abartlet@samba.org about them).
+
+Gssmonger
+---------
+
+Microsoft has released a testsuite called gssmonger, which tests
+interop. We should compile it against lorikeet-heimdal, MIT and see
+if we can build a 'Samba4' server for it.
+
+PAC Correctness
+---------------
+
+We need to put the PAC into the TGT, not just the service ticket.
+
+Authz data extraction
+---------------------
+
+We need to parse the authz data field correctly, and have a generic
+rouitine to get at particular types of data, no matter their inclusion
+in 'if relevent' or other stuctures. This should be a utlity function
+we can use in both the client libs and KDC.
+
+Forwarded tickets
+-----------------
+
+We need to extract forwarded tickets from the GSSAPI layer, and put
+them into the credentials. We can then use them for proxy work.
+
+Access Control
+--------------
+
+We need to get (either if PADL publishes their patch, or write our
+own) access control hooks in the Heimdal KDC. We need to lockout
+accounts, and perform other controls.
+
+Kpasswd server
+--------------
+
+I have a partial kpasswd server which needs finishing, and a client
+testsuite written, either via the krb5 API or directly against GENSEC
+and the ASN.1 routines.
+