183d2307dSDag-Erling SmørgravProgramming: 283d2307dSDag-Erling Smørgrav- Grep for 'XXX' comments and fix 383d2307dSDag-Erling Smørgrav 483d2307dSDag-Erling Smørgrav- Link order is incorrect for some systems using Kerberos 4 and AFS. Result 583d2307dSDag-Erling Smørgrav is multiple inclusion of DES symbols. Holger Trapp 683d2307dSDag-Erling Smørgrav <holger.trapp@hrz.tu-chemnitz.de> reports that changing the configure 783d2307dSDag-Erling Smørgrav generated link order from: 883d2307dSDag-Erling Smørgrav -lresolv -lkrb -lz -lnsl -lutil -lkafs -lkrb -ldes -lcrypto 983d2307dSDag-Erling Smørgrav to: 1083d2307dSDag-Erling Smørgrav -lresolv -lkrb -lz -lnsl -lutil -lcrypto -lkafs -lkrb -ldes 1183d2307dSDag-Erling Smørgrav fixing the problem. 1283d2307dSDag-Erling Smørgrav 1383d2307dSDag-Erling Smørgrav- Write a test program that calls stat() to search for EGD/PRNGd socket 1483d2307dSDag-Erling Smørgrav rather than use the (non-portable) "test -S". 1583d2307dSDag-Erling Smørgrav 1683d2307dSDag-Erling Smørgrav- Replacement for setproctitle() - HP-UX support only currently 1783d2307dSDag-Erling Smørgrav 1883d2307dSDag-Erling Smørgrav- Handle changing passwords for the non-PAM expired password case 1983d2307dSDag-Erling Smørgrav 2083d2307dSDag-Erling Smørgrav- Improve PAM support (a pam_lastlog module will cause sshd to exit) 2183d2307dSDag-Erling Smørgrav and maybe support alternate forms of authenications like OPIE via 2283d2307dSDag-Erling Smørgrav pam? 2383d2307dSDag-Erling Smørgrav 2483d2307dSDag-Erling Smørgrav- Rework PAM ChallengeResponseAuthentication 2583d2307dSDag-Erling Smørgrav - Use kbdint request packet with 0 prompts for informational messages 2683d2307dSDag-Erling Smørgrav - Use different PAM service name for kbdint vs regular auth (suggest from 2783d2307dSDag-Erling Smørgrav Solar Designer) 2883d2307dSDag-Erling Smørgrav - Ability to select which ChallengeResponseAuthentications may be used 2983d2307dSDag-Erling Smørgrav and order to try them in e.g. "ChallengeResponseAuthentication skey, pam" 3083d2307dSDag-Erling Smørgrav 3183d2307dSDag-Erling Smørgrav- Complete Tru64 SIA support 3283d2307dSDag-Erling Smørgrav - It looks like we could merge it into the password auth code to cut down 3383d2307dSDag-Erling Smørgrav on diff size. Maybe PAM password auth too? 3483d2307dSDag-Erling Smørgrav 3583d2307dSDag-Erling Smørgrav- Finish integrating kernel-level auditing code for IRIX and SOLARIS 3683d2307dSDag-Erling Smørgrav (Gilbert.r.loomis@saic.com) 3783d2307dSDag-Erling Smørgrav 3883d2307dSDag-Erling Smørgrav- sftp-server: Rework to step down to 32bit ints if the platform 3983d2307dSDag-Erling Smørgrav lacks 'long long' == 64bit (Notable SCO w/ SCO compiler) 4083d2307dSDag-Erling Smørgrav 4183d2307dSDag-Erling Smørgrav- Linux hangs for 20 seconds when you do "sleep 20&exit". All current 4283d2307dSDag-Erling Smørgrav solutions break scp or leaves processes hanging around after the ssh 4383d2307dSDag-Erling Smørgrav connection has ended. It seems to be linked to two things. One 4483d2307dSDag-Erling Smørgrav select() under Linux is not as nice as others, and two the children 4583d2307dSDag-Erling Smørgrav of the shell are not killed on exiting the shell. Redhat have an excellent 4683d2307dSDag-Erling Smørgrav description of this in their RPM package. 4783d2307dSDag-Erling Smørgrav 4883d2307dSDag-Erling Smørgrav- Build an automated test suite 4983d2307dSDag-Erling Smørgrav 5083d2307dSDag-Erling Smørgrav- 64-bit builds on HP-UX 11.X (stevesk@pobox.com): 5183d2307dSDag-Erling Smørgrav - utmp/wtmp get corrupted (something in loginrec?) 5283d2307dSDag-Erling Smørgrav - can't build with PAM (no 64-bit libpam yet) 5383d2307dSDag-Erling Smørgrav 5483d2307dSDag-Erling SmørgravDocumentation: 5583d2307dSDag-Erling Smørgrav- More and better 5683d2307dSDag-Erling Smørgrav 5783d2307dSDag-Erling Smørgrav- Install FAQ? 5883d2307dSDag-Erling Smørgrav 5983d2307dSDag-Erling Smørgrav- General FAQ on S/Key, TIS, RSA, RSA2, DSA, etc and suggestions on when it 6083d2307dSDag-Erling Smørgrav would be best to use them. 6183d2307dSDag-Erling Smørgrav 6283d2307dSDag-Erling Smørgrav- Create a Documentation/ directory? 6383d2307dSDag-Erling Smørgrav 6483d2307dSDag-Erling SmørgravClean up configure/makefiles: 6583d2307dSDag-Erling Smørgrav- Clean up configure.ac - There are a few double #defined variables 6683d2307dSDag-Erling Smørgrav left to do. HAVE_LOGIN is one of them. Consider NOT looking for 6783d2307dSDag-Erling Smørgrav information in wtmpx or utmpx or any of that stuff if it's not detected 6883d2307dSDag-Erling Smørgrav from the start 6983d2307dSDag-Erling Smørgrav 7083d2307dSDag-Erling Smørgrav- Fails to compile when cross compile. 7183d2307dSDag-Erling Smørgrav (vinschen@redhat.com) 7283d2307dSDag-Erling Smørgrav 7383d2307dSDag-Erling Smørgrav- Replace the whole u_intXX_t evilness in acconfig.h with something better??? 7483d2307dSDag-Erling Smørgrav 7583d2307dSDag-Erling Smørgrav- Consider splitting the u_intXX_t test for sys/bitype.h into seperate test 7683d2307dSDag-Erling Smørgrav to allow people to (right/wrongfully) link against Bind directly. 7783d2307dSDag-Erling Smørgrav 7883d2307dSDag-Erling Smørgrav- Consider splitting configure.ac into seperate files which do logically 7983d2307dSDag-Erling Smørgrav similar tests. E.g move all the type detection stuff into one file, 8083d2307dSDag-Erling Smørgrav entropy related stuff into another. 8183d2307dSDag-Erling Smørgrav 8283d2307dSDag-Erling SmørgravPackaging: 8383d2307dSDag-Erling Smørgrav- Solaris: Update packaging scripts and build new sysv startup scripts 8483d2307dSDag-Erling Smørgrav Ideally the package metadata should be generated by autoconf. 8583d2307dSDag-Erling Smørgrav (gilbert.r.loomis@saic.com) 8683d2307dSDag-Erling Smørgrav 8783d2307dSDag-Erling Smørgrav- HP-UX: Provide DEPOT package scripts. 8883d2307dSDag-Erling Smørgrav (gilbert.r.loomis@saic.com) 8983d2307dSDag-Erling Smørgrav 90ee21a45fSDag-Erling Smørgrav 91ee21a45fSDag-Erling SmørgravPrivSep Issues: 92ee21a45fSDag-Erling Smørgrav- mmap() issues. 93ee21a45fSDag-Erling Smørgrav + /dev/zero solution (Solaris) 94ee21a45fSDag-Erling Smørgrav + No/broken MAP_ANON (Irix) 95ee21a45fSDag-Erling Smørgrav + broken /dev/zero parse (Linux) 96ee21a45fSDag-Erling Smørgrav- PAM 97ee21a45fSDag-Erling Smørgrav + See above PAM notes 98ee21a45fSDag-Erling Smørgrav- AIX 99ee21a45fSDag-Erling Smørgrav + usrinfo() does not set TTY, but only required for legicy systems. Works 100ee21a45fSDag-Erling Smørgrav with PrivSep. 101ee21a45fSDag-Erling Smørgrav- OSF 102ee21a45fSDag-Erling Smørgrav + SIA is broken 103ee21a45fSDag-Erling Smørgrav- Cygwin 104ee21a45fSDag-Erling Smørgrav + Privsep for Pre-auth only (no fd passing) 105ee21a45fSDag-Erling Smørgrav 106ee21a45fSDag-Erling Smørgrav$Id: TODO,v 1.50 2002/06/25 17:12:27 mouring Exp $ 107