1Documentation: 2 3- Update the docs 4 - Update README 5 - Update INSTALL 6 - Merge INSTALL & README.privsep 7 8- Install FAQ? 9 10- General FAQ on S/Key, TIS, RSA, RSA2, DSA, etc and suggestions on when it 11 would be best to use them. 12 13- Create a Documentation/ directory? 14 15Programming: 16 17- Grep for 'XXX' comments and fix 18 19- Link order is incorrect for some systems using Kerberos 4 and AFS. Result 20 is multiple inclusion of DES symbols. Holger Trapp 21 <holger.trapp@hrz.tu-chemnitz.de> reports that changing the configure 22 generated link order from: 23 -lresolv -lkrb -lz -lnsl -lutil -lkafs -lkrb -ldes -lcrypto 24 to: 25 -lresolv -lkrb -lz -lnsl -lutil -lcrypto -lkafs -lkrb -ldes 26 fixing the problem. 27 28- Write a test program that calls stat() to search for EGD/PRNGd socket 29 rather than use the (non-portable) "test -S". 30 31- More platforms for for setproctitle() emulation (testing needed) 32 33- Handle changing passwords for the non-PAM expired password case 34 35- Improve PAM support (a pam_lastlog module will cause sshd to exit) 36 and maybe support alternate forms of authentications like OPIE via 37 pam? 38 39- Improve PAM ChallengeResponseAuthentication 40 - Informational messages 41 - chauthtok 42 - Use different PAM service name for kbdint vs regular auth (suggest from 43 Solar Designer) 44 - Ability to select which ChallengeResponseAuthentications may be used 45 and order to try them in e.g. "ChallengeResponseAuthentication skey, pam" 46 47- Complete Tru64 SIA support 48 - It looks like we could merge it into the password auth code to cut down 49 on diff size. Maybe PAM password auth too? 50 51- Finish integrating kernel-level auditing code for IRIX and SOLARIS 52 (Gilbert.r.loomis@saic.com) 53 54- 64-bit builds on HP-UX 11.X (stevesk@pobox.com): 55 - utmp/wtmp get corrupted (something in loginrec?) 56 - can't build with PAM (no 64-bit libpam yet) 57 58Clean up configure/makefiles: 59- Clean up configure.ac - There are a few double #defined variables 60 left to do. HAVE_LOGIN is one of them. Consider NOT looking for 61 information in wtmpx or utmpx or any of that stuff if it's not detected 62 from the start 63 64- Fails to compile when cross compile. (vinschen@redhat.com) 65 66- Replace the whole u_intXX_t evilness in acconfig.h with something better??? 67 - Do it in configure.ac 68 69- Consider splitting the u_intXX_t test for sys/bitype.h into seperate test 70 to allow people to (right/wrongfully) link against Bind directly. 71 72- Consider splitting configure.ac into seperate files which do logically 73 similar tests. E.g move all the type detection stuff into one file, 74 entropy related stuff into another. 75 76Packaging: 77- Solaris: Update packaging scripts and build new sysv startup scripts 78 Ideally the package metadata should be generated by autoconf. 79 (gilbert.r.loomis@saic.com) 80 81- HP-UX: Provide DEPOT package scripts. 82 (gilbert.r.loomis@saic.com) 83 84PrivSep Issues: 85- mmap() issues. 86 + /dev/zero solution (Solaris) 87 + No/broken MAP_ANON (Irix) 88 + broken /dev/zero parse (Linux) 89- PAM 90 + See above PAM notes 91- AIX 92 + usrinfo() does not set TTY, but only required for legacy systems. Works 93 with PrivSep. 94- OSF 95 + SIA is broken 96- Cygwin 97 + Privsep for Pre-auth only (no fd passing) 98 99$Id: TODO,v 1.55 2003/06/11 13:56:41 dtucker Exp $ 100