]>
Commit | Line | Data |
---|---|---|
1 | Documentation: | |
2 | ||
3 | - Update the docs | |
4 | - Update README | |
5 | - Update INSTALL | |
6 | - Merge INSTALL & README.privsep | |
7 | ||
8 | - Install FAQ? | |
9 | ||
10 | - General FAQ on S/Key, TIS, RSA, RSA2, DSA, etc and suggestions on when it | |
11 | would be best to use them. | |
12 | ||
13 | - Create a Documentation/ directory? | |
14 | ||
15 | Programming: | |
16 | ||
17 | - Grep for 'XXX' comments and fix | |
18 | ||
19 | - Link order is incorrect for some systems using Kerberos 4 and AFS. Result | |
20 | is multiple inclusion of DES symbols. Holger Trapp | |
21 | <holger.trapp@hrz.tu-chemnitz.de> reports that changing the configure | |
22 | generated link order from: | |
23 | -lresolv -lkrb -lz -lnsl -lutil -lkafs -lkrb -ldes -lcrypto | |
24 | to: | |
25 | -lresolv -lkrb -lz -lnsl -lutil -lcrypto -lkafs -lkrb -ldes | |
26 | fixing the problem. | |
27 | ||
28 | - Write a test program that calls stat() to search for EGD/PRNGd socket | |
29 | rather than use the (non-portable) "test -S". | |
30 | ||
31 | - More platforms for for setproctitle() emulation (testing needed) | |
32 | ||
33 | - Improve PAM ChallengeResponseAuthentication | |
34 | - Informational messages | |
35 | - Use different PAM service name for kbdint vs regular auth (suggest from | |
36 | Solar Designer) | |
37 | - Ability to select which ChallengeResponseAuthentications may be used | |
38 | and order to try them in e.g. "ChallengeResponseAuthentication skey, pam" | |
39 | ||
40 | - Complete Tru64 SIA support | |
41 | - It looks like we could merge it into the password auth code to cut down | |
42 | on diff size. Maybe PAM password auth too? | |
43 | ||
44 | - Finish integrating kernel-level auditing code for IRIX and SOLARIS | |
45 | (Gilbert.r.loomis@saic.com) | |
46 | ||
47 | - 64-bit builds on HP-UX 11.X (stevesk@pobox.com): | |
48 | - utmp/wtmp get corrupted (something in loginrec?) | |
49 | - can't build with PAM (no 64-bit libpam yet) | |
50 | ||
51 | Clean up configure/makefiles: | |
52 | - Clean up configure.ac - There are a few double #defined variables | |
53 | left to do. HAVE_LOGIN is one of them. Consider NOT looking for | |
54 | information in wtmpx or utmpx or any of that stuff if it's not detected | |
55 | from the start | |
56 | ||
57 | - Replace the whole u_intXX_t evilness in acconfig.h with something better??? | |
58 | - Do it in configure.ac | |
59 | ||
60 | - Consider splitting the u_intXX_t test for sys/bitype.h into seperate test | |
61 | to allow people to (right/wrongfully) link against Bind directly. | |
62 | ||
63 | - Consider splitting configure.ac into seperate files which do logically | |
64 | similar tests. E.g move all the type detection stuff into one file, | |
65 | entropy related stuff into another. | |
66 | ||
67 | Packaging: | |
68 | - HP-UX: Provide DEPOT package scripts. | |
69 | (gilbert.r.loomis@saic.com) | |
70 | ||
71 | PrivSep Issues: | |
72 | - mmap() issues. | |
73 | + /dev/zero solution (Solaris) | |
74 | + No/broken MAP_ANON (Irix) | |
75 | + broken /dev/zero parse (Linux) | |
76 | - PAM | |
77 | + See above PAM notes | |
78 | - AIX | |
79 | + usrinfo() does not set TTY, but only required for legacy systems. Works | |
80 | with PrivSep. | |
81 | - OSF | |
82 | + SIA is broken | |
83 | - Cygwin | |
84 | + Privsep for Pre-auth only (no fd passing) | |
85 | ||
86 | $Id$ |