1 |
Documentation: |
2 |
|
3 |
- Update the docs |
4 |
- Update README |
5 |
- Update INSTALL |
6 |
- Merge INSTALL & README.privsep |
7 |
|
8 |
- Install FAQ? |
9 |
|
10 |
- General FAQ on S/Key, TIS, RSA, RSA2, DSA, etc and suggestions on when it |
11 |
would be best to use them. |
12 |
|
13 |
- Create a Documentation/ directory? |
14 |
|
15 |
Programming: |
16 |
|
17 |
- Grep for 'XXX' comments and fix |
18 |
|
19 |
- Link order is incorrect for some systems using Kerberos 4 and AFS. Result |
20 |
is multiple inclusion of DES symbols. Holger Trapp |
21 |
<holger.trapp@hrz.tu-chemnitz.de> reports that changing the configure |
22 |
generated link order from: |
23 |
-lresolv -lkrb -lz -lnsl -lutil -lkafs -lkrb -ldes -lcrypto |
24 |
to: |
25 |
-lresolv -lkrb -lz -lnsl -lutil -lcrypto -lkafs -lkrb -ldes |
26 |
fixing the problem. |
27 |
|
28 |
- Write a test program that calls stat() to search for EGD/PRNGd socket |
29 |
rather than use the (non-portable) "test -S". |
30 |
|
31 |
- More platforms for for setproctitle() emulation (testing needed) |
32 |
|
33 |
- Improve PAM ChallengeResponseAuthentication |
34 |
- Informational messages |
35 |
- Use different PAM service name for kbdint vs regular auth (suggest from |
36 |
Solar Designer) |
37 |
- Ability to select which ChallengeResponseAuthentications may be used |
38 |
and order to try them in e.g. "ChallengeResponseAuthentication skey, pam" |
39 |
|
40 |
- Complete Tru64 SIA support |
41 |
- It looks like we could merge it into the password auth code to cut down |
42 |
on diff size. Maybe PAM password auth too? |
43 |
|
44 |
- Finish integrating kernel-level auditing code for IRIX and SOLARIS |
45 |
(Gilbert.r.loomis@saic.com) |
46 |
|
47 |
- 64-bit builds on HP-UX 11.X (stevesk@pobox.com): |
48 |
- utmp/wtmp get corrupted (something in loginrec?) |
49 |
- can't build with PAM (no 64-bit libpam yet) |
50 |
|
51 |
Clean up configure/makefiles: |
52 |
- Clean up configure.ac - There are a few double #defined variables |
53 |
left to do. HAVE_LOGIN is one of them. Consider NOT looking for |
54 |
information in wtmpx or utmpx or any of that stuff if it's not detected |
55 |
from the start |
56 |
|
57 |
- Replace the whole u_intXX_t evilness in acconfig.h with something better??? |
58 |
- Do it in configure.ac |
59 |
|
60 |
- Consider splitting the u_intXX_t test for sys/bitype.h into seperate test |
61 |
to allow people to (right/wrongfully) link against Bind directly. |
62 |
|
63 |
- Consider splitting configure.ac into seperate files which do logically |
64 |
similar tests. E.g move all the type detection stuff into one file, |
65 |
entropy related stuff into another. |
66 |
|
67 |
Packaging: |
68 |
- HP-UX: Provide DEPOT package scripts. |
69 |
(gilbert.r.loomis@saic.com) |
70 |
|
71 |
PrivSep Issues: |
72 |
- PAM |
73 |
+ See above PAM notes |
74 |
- AIX |
75 |
+ usrinfo() does not set TTY, but only required for legacy systems. Works |
76 |
with PrivSep. |
77 |
- OSF |
78 |
+ SIA is broken |
79 |
- Cygwin |
80 |
+ Privsep for Pre-auth only (no fd passing) |