diff options
author | Andrew Boardman <amb@mit.edu> | 2006-08-25 22:31:04 +0000 |
---|---|---|
committer | Andrew Boardman <amb@mit.edu> | 2006-08-25 22:31:04 +0000 |
commit | ab42ce934966a0fada06d81f29bcfaf9f7d84284 (patch) | |
tree | e89abdbc3acf7810f95fffd676e72d8e6fba598a | |
parent | 5c486008b8bc97e9a49f51d752843bcb17a5780f (diff) | |
download | krb5-ab42ce934966a0fada06d81f29bcfaf9f7d84284.zip krb5-ab42ce934966a0fada06d81f29bcfaf9f7d84284.tar.gz krb5-ab42ce934966a0fada06d81f29bcfaf9f7d84284.tar.bz2 |
More to do after afternoon's meeting and testing
git-svn-id: svn://anonsvn.mit.edu/krb5/users/amb/referrals@18543 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r-- | TODO | 9 |
1 files changed, 9 insertions, 0 deletions
@@ -1,6 +1,8 @@ questions: - should do_traversal code for old-style lookups still be requesting referrals? If so, within what scope should they actually be used? +- Should we do the single non-referral fallback always or only on certain + KDC failure states? Probably answer this from testing. current: - rewrite verification to be more tightly-coupled to referral case @@ -9,6 +11,13 @@ current: - add error reporting to end of gc_from_kdc - deal with fetching remote TGTs after all before referrals - this is needed in domain_realm case +- tgs-req realm needs to match server realm; requesting an ATHENA.MIT.EDU + ticket, say, from NOT.MS.MIT.EDU, fails + - rewrite initial TGS request +- rewrite service realm before ticket goes back so that future requests + will hit on ccache + - testable with "kvno host/argos.mit.edu@NOT.MS.MIT.EDU" +- write up understanding of current referral scheme to krbcore bug fixes: - kvno crashes freeing in_cred after the call completes. why is this? |