diff options
| author | Andrew Boardman <amb@mit.edu> | 2006-09-07 03:23:53 +0000 |
|---|---|---|
| committer | Andrew Boardman <amb@mit.edu> | 2006-09-07 03:23:53 +0000 |
| commit | 791d4f466ecf767d2db8cf217f9314cbc716ad1b (patch) | |
| tree | 26034f40662654000b2a023e67a0303613590879 | |
| parent | fb2815420c0bdd233e2d7f2ff0cb272e47a17998 (diff) | |
| download | krb5-791d4f466ecf767d2db8cf217f9314cbc716ad1b.zip krb5-791d4f466ecf767d2db8cf217f9314cbc716ad1b.tar.gz krb5-791d4f466ecf767d2db8cf217f9314cbc716ad1b.tar.bz2 | |
Documented current state and blocking issues
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/referrals@18566 dc483132-0cff-0310-8789-dd5450dbe970
| -rw-r--r-- | TODO | 39 |
1 files changed, 21 insertions, 18 deletions
@@ -1,24 +1,31 @@ -stuff to add: -- write up understanding of current referral logic to krbcore - - given the length of conversations with hartmans and raeburn, others - are likely to take issue with the finer points. -- add klist option to print actual credential principal -- referral loop checking -- properly return TGT string for ccache - - old code was convoluted and buggy. replace. - -bug fixes: -- memory management issues: +blocking issues for beta release +================================ +- fix memory management problems and any other known crash/assertion-fail + cases - kvno crashes freeing in_cred after the call completes. why is this? reproduce: "kvno host/maybe.not.ms.mit.edu@NOT.MS.MIT.EDU" - assertion failure: "./ptest argos.mit.edu" - might require NOT tickets and no domain_realm setting - no longer reproducible? - fix double-free in gc_from_kdc_opt cleanup +- correctly return first-hop TGTs for ccache storage + - old code was convoluted and buggy. replace. +- referral loop checking +- testing, cleanup, documentation + +further work: +============ +- write up understanding of current referral logic to krbcore + - given the length of conversations with hartmans and raeburn, others + are likely to take issue with the finer points. + - review implementation notes against actual implementation, document changes +- add klist option to print actual credential principal +- padata parsing for referral data verification and possible principal rewrite testing issues: +============== - verify that cached tickets work properly -- verify that intermediate TGTs aren't cached but +- verify that intermediate TGTs aren't cached - Should we do the single non-referral fallback always or only on certain KDC failure states? Probably answer this from testing. - credential cacheing unreliable; investiagate @@ -27,10 +34,8 @@ testing issues: low-priority: - code (or explicitly punt) edge cases in krb5_get_cred_from_kdc_opt -later, high-priority, hard: -- padata parsing - -final: +final cleanup: +============= - check namespace use with tom - review code for: - string safety, particularly strcmp use -- nothing is guaranteed to be a string, @@ -38,5 +43,3 @@ final: - memory leaks - check assumptions on assumed dereferencability of credential members - review code format -- #ifdef out tracing/debugging code -- review implementation notes against actual implementation |