r10670: Add notes on things that are TODO in Samba4 kerberos land.

Andrew Bartlett
(This used to be commit 5b2114bb9c604e8d36887e1131175da327eabc84)

diff --git a/source4/auth/kerberos/kerberos-notes.txt b/source4/auth/kerberos/kerberos-notes.txt
index 3b2989eee129e502d6afa3d71e1ef1d5702fd6c6..a36bf556aae6573343c5ee982a190af9219db431 100644 (file)
--- a/source4/auth/kerberos/kerberos-notes.txt
+++ b/source4/auth/kerberos/kerberos-notes.txt
@@ -374,3 +374,49 @@ DNS lookups on names without a . in them.  This should avoid some
 delay and root server load.
 
 
+Kerberos TODO
+=============
+
+(Feel free to contribute to any of these tasks, or ask
+abartlet@samba.org about them).
+
+Gssmonger
+---------
+
+Microsoft has released a testsuite called gssmonger, which tests
+interop.  We should compile it against lorikeet-heimdal, MIT and see
+if we can build a 'Samba4' server for it.
+
+PAC Correctness
+---------------
+
+We need to put the PAC into the TGT, not just the service ticket.  
+
+Authz data extraction
+---------------------
+
+We need to parse the authz data field correctly, and have a generic
+rouitine to get at particular types of data, no matter their inclusion
+in 'if relevent' or other stuctures.  This should be a utlity function
+we can use in both the client libs and KDC.
+
+Forwarded tickets
+-----------------
+
+We need to extract forwarded tickets from the GSSAPI layer, and put
+them into the credentials.  We can then use them for proxy work.
+
+Access Control
+--------------
+
+We need to get (either if PADL publishes their patch, or write our
+own) access control hooks in the Heimdal KDC.  We need to lockout
+accounts, and perform other controls.
+
+Kpasswd server
+--------------
+
+I have a partial kpasswd server which needs finishing, and a client
+testsuite written, either via the krb5 API or directly against GENSEC
+and the ASN.1 routines.
+