blob: 4331a1364be09f51521a5c2b5c109a9b05b41677 [file] [log] [blame]
Ben Lindstrom4a1d9162000-11-21 10:45:31 +00001Programming:
Damien Miller33804262001-02-04 23:20:18 +11002- Grep for 'XXX' comments and fix
3
Damien Miller883631b2001-03-21 11:12:55 +11004- Link order is incorrect for some systems using Kerberos 4 and AFS. Result
Damien Miller771bbac2001-03-27 16:10:22 +10005 is multiple inclusion of DES symbols. Holger Trapp
6 <holger.trapp@hrz.tu-chemnitz.de> reports that changing the configure
7 generated link order from:
8 -lresolv -lkrb -lz -lnsl -lutil -lkafs -lkrb -ldes -lcrypto
9 to:
10 -lresolv -lkrb -lz -lnsl -lutil -lcrypto -lkafs -lkrb -ldes
11 fixing the problem.
Damien Miller883631b2001-03-21 11:12:55 +110012
Damien Millerb8b8ecf2001-02-08 10:47:43 +110013- Write a test program that calls stat() to search for EGD/PRNGd socket
Damien Millerdd97de72001-03-05 23:33:24 +110014 rather than use the (non-portable) "test -S".
Damien Millerb8b8ecf2001-02-08 10:47:43 +110015
Kevin Steves55fb9a92001-03-19 14:58:47 +000016- Replacement for setproctitle() - HP-UX support only currently
Damien Miller356a0b01999-11-08 15:30:59 +110017
Damien Millerdd97de72001-03-05 23:33:24 +110018- Handle changing passwords for the non-PAM expired password case
19
Damien Millerc7b38ce1999-11-09 10:28:04 +110020- Improve PAM support (a pam_lastlog module will cause sshd to exit)
Ben Lindstromc72745a2000-12-02 19:03:54 +000021 and maybe support alternate forms of authenications like OPIE via
22 pam?
Damien Miller356a0b01999-11-08 15:30:59 +110023
Damien Millerdd97de72001-03-05 23:33:24 +110024- Rework PAM ChallengeResponseAuthentication
25 - Use kbdint request packet with 0 prompts for informational messages
26 - Use different PAM service name for kbdint vs regular auth (suggest from
27 Solar Designer)
28 - Ability to select which ChallengeResponseAuthentications may be used
29 and order to try them in e.g. "ChallengeResponseAuthentication skey, pam"
30
Damien Millerad833b32000-08-23 10:46:23 +100031- Complete Tru64 SIA support
Damien Millerfdbcb5d2001-09-25 13:01:49 +100032 - It looks like we could merge it into the password auth code to cut down
33 on diff size. Maybe PAM password auth too?
Ben Lindstrom4a1d9162000-11-21 10:45:31 +000034
35- Finish integrating kernel-level auditing code for IRIX and SOLARIS
36 (Gilbert.r.loomis@saic.com)
37
Ben Lindstrom48b2f732001-01-08 06:20:38 +000038- sftp-server: Rework to step down to 32bit ints if the platform
39 lacks 'long long' == 64bit (Notable SCO w/ SCO compiler)
Ben Lindstrom4a1d9162000-11-21 10:45:31 +000040
Ben Lindstroma15e39b2000-12-02 04:58:57 +000041- Linux hangs for 20 seconds when you do "sleep 20&exit". All current
42 solutions break scp or leaves processes hanging around after the ssh
43 connection has ended. It seems to be linked to two things. One
44 select() under Linux is not as nice as others, and two the children
Damien Millerdd97de72001-03-05 23:33:24 +110045 of the shell are not killed on exiting the shell. Redhat have an excellent
46 description of this in their RPM package.
Ben Lindstroma15e39b2000-12-02 04:58:57 +000047
Damien Millerb8481582000-12-03 11:51:51 +110048- Build an automated test suite
49
Kevin Steves55fb9a92001-03-19 14:58:47 +000050- 64-bit builds on HP-UX 11.X (stevesk@pobox.com):
51 - utmp/wtmp get corrupted (something in loginrec?)
Kevin Steves55fb9a92001-03-19 14:58:47 +000052 - can't build with PAM (no 64-bit libpam yet)
53
Ben Lindstrom4a1d9162000-11-21 10:45:31 +000054Documentation:
55- More and better
56
57- Install FAQ?
58
59- General FAQ on S/Key, TIS, RSA, RSA2, DSA, etc and suggestions on when it
60 would be best to use them.
61
62- Create a Documentation/ directory?
63
64Clean up configure/makefiles:
Tim Riceb89e6942001-10-29 18:50:39 -080065- Clean up configure.ac - There are a few double #defined variables
Damien Millerdd97de72001-03-05 23:33:24 +110066 left to do. HAVE_LOGIN is one of them. Consider NOT looking for
67 information in wtmpx or utmpx or any of that stuff if it's not detected
68 from the start
Ben Lindstrom4a1d9162000-11-21 10:45:31 +000069
Ben Lindstrom4a1d9162000-11-21 10:45:31 +000070- Fails to compile when cross compile.
71 (vinschen@redhat.com)
72
73- Replace the whole u_intXX_t evilness in acconfig.h with something better???
74
Ben Lindstrom28bfc0d2000-12-18 19:58:57 +000075- Consider splitting the u_intXX_t test for sys/bitype.h into seperate test
76 to allow people to (right/wrongfully) link against Bind directly.
77
Damien Millerc68d4332002-01-22 22:26:20 +110078- Consider splitting configure.ac into seperate files which do logically
79 similar tests. E.g move all the type detection stuff into one file,
80 entropy related stuff into another.
81
Ben Lindstrom4a1d9162000-11-21 10:45:31 +000082Packaging:
83- Solaris: Update packaging scripts and build new sysv startup scripts
Damien Millerdd97de72001-03-05 23:33:24 +110084 Ideally the package metadata should be generated by autoconf.
Ben Lindstrom4a1d9162000-11-21 10:45:31 +000085 (gilbert.r.loomis@saic.com)
86
Kevin Steves55fb9a92001-03-19 14:58:47 +000087- HP-UX: Provide DEPOT package scripts.
Ben Lindstrom4a1d9162000-11-21 10:45:31 +000088 (gilbert.r.loomis@saic.com)
Damien Millere9cf3572001-02-09 12:55:35 +110089
Ben Lindstromaa83b982002-06-25 02:28:22 +000090
91PrivSep Issues:
92- mmap() issues.
Ben Lindstromacfef052002-06-25 14:14:30 +000093 + /dev/zero solution (Solaris)
94 + No/broken MAP_ANON (Irix)
95 + broken /dev/zero parse (Linux)
Ben Lindstromaa83b982002-06-25 02:28:22 +000096- PAM
97 + See above PAM notes
98- AIX
Ben Lindstromb129be62002-06-25 17:12:26 +000099 + usrinfo() does not set TTY, but only required for legicy systems. Works
100 with PrivSep.
Ben Lindstromaa83b982002-06-25 02:28:22 +0000101- OSF
102 + SIA is broken
Ben Lindstrom2f0de482002-06-25 14:01:55 +0000103- Cygwin
104 + Privsep for Pre-auth only (no fd passing)
Ben Lindstromaa83b982002-06-25 02:28:22 +0000105
Ben Lindstromb129be62002-06-25 17:12:26 +0000106$Id: TODO,v 1.50 2002/06/25 17:12:27 mouring Exp $