The wallet client now supports a -u option, saying to obtain Kerberos

credentials for the given user and use those for authentication rather than using an existing ticket cache.
author: Russ Allbery <rra@stanford.edu> 2008-01-19 01:20:38 +0000
committer: Russ Allbery <rra@stanford.edu> 2008-01-19 01:20:38 +0000
commit: cf71c7dac06561b14c8be3383fdb2ca4f3a318d9 (patch)
tree: d6b05a005c67710a6d2831abba193923f2070f93 /TODO
parent: b4f2b5bf10e32777b1fcfa8417aa190755247815 (diff)
1 files changed, 5 insertions, 3 deletions
diff --git a/TODO b/TODO
index 2a09965..3315681 100644
--- a/TODO
+++ b/TODO
@@ -35,9 +35,7 @@ Release 1.0:
 * Log failures in the wallet-backend properly, which also requires
   catching all exceptions.
 
-* Add support to the wallet client for getting Kerberos tickets, using the
-  -u option similar to leland_srvtab.  Needs good error messages on
-  Kerberos failures.
+* Improve the error message for Kerberos authentication failures.
 
 * Error messages from ACL operations should refer to the ACLs by name
   instead of by ID.
@@ -165,3 +163,7 @@ May or may not be good ideas:
 
 * Remove the hard-coded ADMIN ACL in the server with something more
   configurable, perhaps a global ACL table or something.
+
+* When obtaining tickets in the wallet client with -u, should we get a TGT
+  as we do now or just directly obtain the service ticket we're going to
+  use for remctl?
author	Russ Allbery <rra@stanford.edu>	2008-01-19 01:20:38 +0000
committer	Russ Allbery <rra@stanford.edu>	2008-01-19 01:20:38 +0000
commit	cf71c7dac06561b14c8be3383fdb2ca4f3a318d9 (patch)
tree	d6b05a005c67710a6d2831abba193923f2070f93 /TODO
parent	b4f2b5bf10e32777b1fcfa8417aa190755247815 (diff)