| 1 |
Documentation: |
| 2 |
|
| 3 |
- Update the docs |
| 4 |
- Update README |
| 5 |
- Update INSTALL |
| 6 |
- Merge INSTALL & README.privsep |
| 7 |
|
| 8 |
- Install FAQ? |
| 9 |
|
| 10 |
- General FAQ on S/Key, TIS, RSA, RSA2, DSA, etc and suggestions on when it |
| 11 |
would be best to use them. |
| 12 |
|
| 13 |
- Create a Documentation/ directory? |
| 14 |
|
| 15 |
Programming: |
| 16 |
|
| 17 |
- Grep for 'XXX' comments and fix |
| 18 |
|
| 19 |
- Link order is incorrect for some systems using Kerberos 4 and AFS. Result |
| 20 |
is multiple inclusion of DES symbols. Holger Trapp |
| 21 |
<holger.trapp@hrz.tu-chemnitz.de> reports that changing the configure |
| 22 |
generated link order from: |
| 23 |
-lresolv -lkrb -lz -lnsl -lutil -lkafs -lkrb -ldes -lcrypto |
| 24 |
to: |
| 25 |
-lresolv -lkrb -lz -lnsl -lutil -lcrypto -lkafs -lkrb -ldes |
| 26 |
fixing the problem. |
| 27 |
|
| 28 |
- Write a test program that calls stat() to search for EGD/PRNGd socket |
| 29 |
rather than use the (non-portable) "test -S". |
| 30 |
|
| 31 |
- More platforms for for setproctitle() emulation (testing needed) |
| 32 |
|
| 33 |
- Improve PAM ChallengeResponseAuthentication |
| 34 |
- Informational messages |
| 35 |
- Use different PAM service name for kbdint vs regular auth (suggest from |
| 36 |
Solar Designer) |
| 37 |
- Ability to select which ChallengeResponseAuthentications may be used |
| 38 |
and order to try them in e.g. "ChallengeResponseAuthentication skey, pam" |
| 39 |
|
| 40 |
- Complete Tru64 SIA support |
| 41 |
- It looks like we could merge it into the password auth code to cut down |
| 42 |
on diff size. Maybe PAM password auth too? |
| 43 |
|
| 44 |
- Finish integrating kernel-level auditing code for IRIX and SOLARIS |
| 45 |
(Gilbert.r.loomis@saic.com) |
| 46 |
|
| 47 |
- 64-bit builds on HP-UX 11.X (stevesk@pobox.com): |
| 48 |
- utmp/wtmp get corrupted (something in loginrec?) |
| 49 |
- can't build with PAM (no 64-bit libpam yet) |
| 50 |
|
| 51 |
Clean up configure/makefiles: |
| 52 |
- Clean up configure.ac - There are a few double #defined variables |
| 53 |
left to do. HAVE_LOGIN is one of them. Consider NOT looking for |
| 54 |
information in wtmpx or utmpx or any of that stuff if it's not detected |
| 55 |
from the start |
| 56 |
|
| 57 |
- Replace the whole u_intXX_t evilness in acconfig.h with something better??? |
| 58 |
- Do it in configure.ac |
| 59 |
|
| 60 |
- Consider splitting the u_intXX_t test for sys/bitype.h into seperate test |
| 61 |
to allow people to (right/wrongfully) link against Bind directly. |
| 62 |
|
| 63 |
- Consider splitting configure.ac into seperate files which do logically |
| 64 |
similar tests. E.g move all the type detection stuff into one file, |
| 65 |
entropy related stuff into another. |
| 66 |
|
| 67 |
Packaging: |
| 68 |
- HP-UX: Provide DEPOT package scripts. |
| 69 |
(gilbert.r.loomis@saic.com) |
| 70 |
|
| 71 |
PrivSep Issues: |
| 72 |
- PAM |
| 73 |
+ See above PAM notes |
| 74 |
- AIX |
| 75 |
+ usrinfo() does not set TTY, but only required for legacy systems. Works |
| 76 |
with PrivSep. |
| 77 |
- OSF |
| 78 |
+ SIA is broken |
| 79 |
- Cygwin |
| 80 |
+ Privsep for Pre-auth only (no fd passing) |
