I believe these are done but a double check would be nice. ---------------------------------------------------------------------------- Make sure kdb code doesn't save salt type KRB5_KDB_SALTTYPE_NORMAL (0) into the db. Routines: krb5_dbekd_decrypt_key_data(), krb5_dbekd_encrypt_key_data() Check that dump/restor actually works Each entry needs to have a version, length, and each integer entry needs to be saved with a hexidecimal encoding. The principals should use parse/unparse routines. (Paul did the work but nobody has checked it) Check that Import/Export of GSSAPI contexts work. ---------------------------------------------------------------------------- High Priority ---------------------------------------------------------------------------- Test that db key_data crunching of enctypes actually works. Routines in kdb_cpw.c: add_key_pwd(), add_key_rnd() Routines in kdb_xdr.c: krb5_dbe_find_enctype() Test that krb5_dbm_db_put_principal() doesn't save a krb5_db_entry with any keys with kvno = 0. Remove krb5_enctype argument from string_to_key(). A test for the new kdb locking code. Use dbm as the default database. Merge in new GSSAPI code from OV. Functionalize krb5.h krb5 bugs preauth If configuring with --enable-athena Allow mutilple host keys in srvtab hesiod calls multihomed hosts test cross realm authentication Make kinit not delete the credcache before authentication is verified. Save the time offset between the kerberos server and the current host in the credential cache. (Just need to actually get and save the time.) Add profile entries for default enctype/salttype list for kdc requests. default enctype/salttype list for change password requests. default enctype for change random key requests. kadmin Have ank, ark, cpw, crk use new protocol. kadmind Finish work on modify entry command. Make sure that db opens log before becoming a daemon. ---------------------------------------------------------------------------- Low Priority ---------------------------------------------------------------------------- Make routines for updating the master key in a database. Thinking about this I think its easier to have the routines update the master key and then update every principal in the database. Doing this will also allow us to remove the mkvno field saving 2 bytes per entry. Make a keysalt to salt function that takes keysalt info and principal and returns a salt. Routines: krb5_keysalt_to_salt(krb5_context, krb5_keysalt, krb5_principal) Implement krb5_cc_remove_cred() Implement tl_data for server keys supported by the server for client-server communications. SGI port. ---------------------------------------------------------------------------- Post 1.0 ---------------------------------------------------------------------------- Incremental kprop Kerberized Pop, discuss, zephyr Encrypted telnet, ftp Change krb5_keytype and krb5_checksumtype to be unsigned ints.