diff options
| author | Andrew Boardman <amb@mit.edu> | 2006-08-26 10:04:36 +0000 |
|---|---|---|
| committer | Andrew Boardman <amb@mit.edu> | 2006-08-26 10:04:36 +0000 |
| commit | bd7f816fe3da7b3efcda330ef45f7bac1944771c (patch) | |
| tree | 324c228166717116feaf8ee54c134cba75be0164 | |
| parent | b146425cbce7bf855d5072f41cecbc0e6496637e (diff) | |
| download | krb5-bd7f816fe3da7b3efcda330ef45f7bac1944771c.zip krb5-bd7f816fe3da7b3efcda330ef45f7bac1944771c.tar.gz krb5-bd7f816fe3da7b3efcda330ef45f7bac1944771c.tar.bz2 | |
Note current state
git-svn-id: svn://anonsvn.mit.edu/krb5/users/amb/referrals@18546 dc483132-0cff-0310-8789-dd5450dbe970
| -rw-r--r-- | TODO | 53 |
1 files changed, 23 insertions, 30 deletions
@@ -1,42 +1,35 @@ -questions: -- should do_traversal code for old-style lookups still be requesting referrals? - If so, within what scope should they actually be used? -- Should we do the single non-referral fallback always or only on certain - KDC failure states? Probably answer this from testing. - -current: -- rewrite verification to be more tightly-coupled to referral case -- when should ccache be checked during referral process? never? -- free TGTs at fallback -- add error reporting to end of gc_from_kdc -- deal with fetching remote TGTs after all before referrals - - this is needed in domain_realm case -- tgs-req realm needs to match server realm; requesting an ATHENA.MIT.EDU - ticket, say, from NOT.MS.MIT.EDU, fails - - rewrite initial TGS request -- rewrite service realm before ticket goes back so that future requests - will hit on ccache - - testable with "kvno host/argos.mit.edu@NOT.MS.MIT.EDU" -- write up understanding of current referral scheme to krbcore +stuff to add: +- write up understanding of current referral logic to krbcore + - given the length of conversations with hartmans and raeburn, others + are likely to take issue with the finer points. +- add klist option to print actual credential principal +- referral loop checking +- properly return TGT string for ccache + - old code was convoluted and buggy. replace. bug fixes: -- kvno crashes freeing in_cred after the call completes. why is this? - reproduce: "kvno host/maybe.not.ms.mit.edu@NOT.MS.MIT.EDU" -- assertion failure: "./ptest argos.mit.edu" - - might require NOT tickets and no domain_realm setting +- memory management issues: + - kvno crashes freeing in_cred after the call completes. why is this? + reproduce: "kvno host/maybe.not.ms.mit.edu@NOT.MS.MIT.EDU" + - assertion failure: "./ptest argos.mit.edu" + - might require NOT tickets and no domain_realm setting + - no longer reproducible? + - fix double-free in gc_from_kdc_opt cleanup + +testing issues: +- verify that cached tickets work properly +- verify that intermediate TGTs aren't cached but +- Should we do the single non-referral fallback always or only on certain + KDC failure states? Probably answer this from testing. +- credential cacheing unreliable; investiagate + - "kvno host/argos.mit.edu@NOT.MS.MIT.EDU" with NOT tickets fills up ccache low-priority: - code (or explicitly punt) edge cases in krb5_get_cred_from_kdc_opt -- add klist option to print actual credential principal -- referral loop checking later, high-priority, hard: - padata parsing -testing issues: -- verify that cached tickets work properly -- verify that intermediate TGTs aren't cached but - final: - check namespace use with tom - review code for: |