1Programming: 2- Grep for 'XXX' comments and fix 3 4- Link order is incorrect for some systems using Kerberos 4 and AFS. Result 5 is multiple inclusion of DES symbols. Holger Trapp 6 <holger.trapp@hrz.tu-chemnitz.de> reports that changing the configure 7 generated link order from: 8 -lresolv -lkrb -lz -lnsl -lutil -lkafs -lkrb -ldes -lcrypto 9 to: 10 -lresolv -lkrb -lz -lnsl -lutil -lcrypto -lkafs -lkrb -ldes 11 fixing the problem. 12 13- Write a test program that calls stat() to search for EGD/PRNGd socket 14 rather than use the (non-portable) "test -S". 15 16- Replacement for setproctitle() - HP-UX support only currently 17 18- Handle changing passwords for the non-PAM expired password case 19 20- Improve PAM support (a pam_lastlog module will cause sshd to exit) 21 and maybe support alternate forms of authenications like OPIE via 22 pam? 23 24- Rework PAM ChallengeResponseAuthentication 25 - Use kbdint request packet with 0 prompts for informational messages 26 - Use different PAM service name for kbdint vs regular auth (suggest from 27 Solar Designer) 28 - Ability to select which ChallengeResponseAuthentications may be used 29 and order to try them in e.g. "ChallengeResponseAuthentication skey, pam" 30 31- Complete Tru64 SIA support 32 - It looks like we could merge it into the password auth code to cut down 33 on diff size. Maybe PAM password auth too? 34 35- Finish integrating kernel-level auditing code for IRIX and SOLARIS 36 (Gilbert.r.loomis@saic.com) 37 38- sftp-server: Rework to step down to 32bit ints if the platform 39 lacks 'long long' == 64bit (Notable SCO w/ SCO compiler) 40 41- Linux hangs for 20 seconds when you do "sleep 20&exit". All current 42 solutions break scp or leaves processes hanging around after the ssh 43 connection has ended. It seems to be linked to two things. One 44 select() under Linux is not as nice as others, and two the children 45 of the shell are not killed on exiting the shell. Redhat have an excellent 46 description of this in their RPM package. 47 48- Build an automated test suite 49 50- 64-bit builds on HP-UX 11.X (stevesk@pobox.com): 51 - utmp/wtmp get corrupted (something in loginrec?) 52 - can't build with PAM (no 64-bit libpam yet) 53 54Documentation: 55- More and better 56 57- Install FAQ? 58 59- General FAQ on S/Key, TIS, RSA, RSA2, DSA, etc and suggestions on when it 60 would be best to use them. 61 62- Create a Documentation/ directory? 63 64Clean up configure/makefiles: 65- Clean up configure.ac - There are a few double #defined variables 66 left to do. HAVE_LOGIN is one of them. Consider NOT looking for 67 information in wtmpx or utmpx or any of that stuff if it's not detected 68 from the start 69 70- Fails to compile when cross compile. 71 (vinschen@redhat.com) 72 73- Replace the whole u_intXX_t evilness in acconfig.h with something better??? 74 75- Consider splitting the u_intXX_t test for sys/bitype.h into seperate test 76 to allow people to (right/wrongfully) link against Bind directly. 77 78- Consider splitting configure.ac into seperate files which do logically 79 similar tests. E.g move all the type detection stuff into one file, 80 entropy related stuff into another. 81 82Packaging: 83- Solaris: Update packaging scripts and build new sysv startup scripts 84 Ideally the package metadata should be generated by autoconf. 85 (gilbert.r.loomis@saic.com) 86 87- HP-UX: Provide DEPOT package scripts. 88 (gilbert.r.loomis@saic.com) 89 90$Id: TODO,v 1.46 2002/01/22 11:26:20 djm Exp $ 91