]>
Commit | Line | Data |
---|---|---|
3bf784bc | 1 | Documentation: |
2 | ||
3 | - Update the docs | |
4 | - Update README | |
5 | - Update INSTALL | |
6 | - Merge INSTALL & README.privsep | |
7 | ||
8 | - Install FAQ? | |
9 | ||
10 | - General FAQ on S/Key, TIS, RSA, RSA2, DSA, etc and suggestions on when it | |
aff51935 | 11 | would be best to use them. |
3bf784bc | 12 | |
13 | - Create a Documentation/ directory? | |
14 | ||
0b49a754 | 15 | Programming: |
3bf784bc | 16 | |
61e96248 | 17 | - Grep for 'XXX' comments and fix |
18 | ||
4345ecda | 19 | - Link order is incorrect for some systems using Kerberos 4 and AFS. Result |
aff51935 | 20 | is multiple inclusion of DES symbols. Holger Trapp |
b5e83136 | 21 | <holger.trapp@hrz.tu-chemnitz.de> reports that changing the configure |
22 | generated link order from: | |
23 | -lresolv -lkrb -lz -lnsl -lutil -lkafs -lkrb -ldes -lcrypto | |
24 | to: | |
25 | -lresolv -lkrb -lz -lnsl -lutil -lcrypto -lkafs -lkrb -ldes | |
26 | fixing the problem. | |
4345ecda | 27 | |
38682136 | 28 | - Write a test program that calls stat() to search for EGD/PRNGd socket |
aff51935 | 29 | rather than use the (non-portable) "test -S". |
38682136 | 30 | |
d0104542 | 31 | - More platforms for for setproctitle() emulation (testing needed) |
e1a9c08d | 32 | |
d4f11b59 | 33 | - Improve PAM support (a pam_lastlog module will cause sshd to exit) |
cbecf1ed | 34 | and maybe support alternate forms of authentications like OPIE via |
0b6fbf03 | 35 | pam? |
e1a9c08d | 36 | |
3bf784bc | 37 | - Improve PAM ChallengeResponseAuthentication |
38 | - Informational messages | |
39 | - chauthtok | |
7c4ba20c | 40 | - Use different PAM service name for kbdint vs regular auth (suggest from |
41 | Solar Designer) | |
42 | - Ability to select which ChallengeResponseAuthentications may be used | |
43 | and order to try them in e.g. "ChallengeResponseAuthentication skey, pam" | |
44 | ||
0b49a754 | 45 | - Complete Tru64 SIA support |
a483bb4f | 46 | - It looks like we could merge it into the password auth code to cut down |
47 | on diff size. Maybe PAM password auth too? | |
e1a9c08d | 48 | |
0b49a754 | 49 | - Finish integrating kernel-level auditing code for IRIX and SOLARIS |
50 | (Gilbert.r.loomis@saic.com) | |
2b942fe0 | 51 | |
d5eedf23 | 52 | - 64-bit builds on HP-UX 11.X (stevesk@pobox.com): |
53 | - utmp/wtmp get corrupted (something in loginrec?) | |
d5eedf23 | 54 | - can't build with PAM (no 64-bit libpam yet) |
55 | ||
0b49a754 | 56 | Clean up configure/makefiles: |
40d0f6b9 | 57 | - Clean up configure.ac - There are a few double #defined variables |
7c4ba20c | 58 | left to do. HAVE_LOGIN is one of them. Consider NOT looking for |
59 | information in wtmpx or utmpx or any of that stuff if it's not detected | |
60 | from the start | |
0b49a754 | 61 | |
3bf784bc | 62 | - Fails to compile when cross compile. (vinschen@redhat.com) |
0b49a754 | 63 | |
64 | - Replace the whole u_intXX_t evilness in acconfig.h with something better??? | |
1b61b21c | 65 | - Do it in configure.ac |
0b49a754 | 66 | |
0c2fb82f | 67 | - Consider splitting the u_intXX_t test for sys/bitype.h into seperate test |
68 | to allow people to (right/wrongfully) link against Bind directly. | |
69 | ||
4027f21c | 70 | - Consider splitting configure.ac into seperate files which do logically |
aff51935 | 71 | similar tests. E.g move all the type detection stuff into one file, |
4027f21c | 72 | entropy related stuff into another. |
73 | ||
0b49a754 | 74 | Packaging: |
75 | - Solaris: Update packaging scripts and build new sysv startup scripts | |
7c4ba20c | 76 | Ideally the package metadata should be generated by autoconf. |
0b49a754 | 77 | (gilbert.r.loomis@saic.com) |
78 | ||
d5eedf23 | 79 | - HP-UX: Provide DEPOT package scripts. |
0b49a754 | 80 | (gilbert.r.loomis@saic.com) |
0b202697 | 81 | |
702b2855 | 82 | PrivSep Issues: |
83 | - mmap() issues. | |
b9ccb43d | 84 | + /dev/zero solution (Solaris) |
85 | + No/broken MAP_ANON (Irix) | |
86 | + broken /dev/zero parse (Linux) | |
aff51935 | 87 | - PAM |
702b2855 | 88 | + See above PAM notes |
89 | - AIX | |
5e24e4a5 | 90 | + usrinfo() does not set TTY, but only required for legacy systems. Works |
e2bc41f9 | 91 | with PrivSep. |
702b2855 | 92 | - OSF |
93 | + SIA is broken | |
1c405c15 | 94 | - Cygwin |
95 | + Privsep for Pre-auth only (no fd passing) | |
702b2855 | 96 | |
0b202697 | 97 | $Id$ |