diff options
| author | Russ Allbery <rra@stanford.edu> | 2010-02-09 13:37:58 -0800 |
|---|---|---|
| committer | Russ Allbery <rra@stanford.edu> | 2010-02-09 13:37:58 -0800 |
| commit | 2d33440272200cad20a5a4c58e5d8aa0dfad9a1f (patch) | |
| tree | ee0b7718544e6ae054c52b273f5a51a085b228bb /TODO | |
| parent | 03889c8b1b3145e5e79a7f05763a55c788ef8672 (diff) | |
Remove kaserver synchronization support from the wallet client
The wallet client no longer enables kaserver synchronization when a
srvtab is requested with -S. Instead, it just extracts the DES key
from the keytab and writes it to a srvtab. It no longer forces the
kvno of the srvtab to 0 (a Stanford-specific action) and instead
preserves the kvno from the key in the keytab. This should now do the
right thing for sites that use a KDC that serves both Kerberos v4 and
Kerberos v5 from the same database.
Diffstat (limited to 'TODO')
| -rw-r--r-- | TODO | 10 |
1 files changed, 0 insertions, 10 deletions
@@ -67,16 +67,6 @@ Release 1.0: an ACL without having to write it into the database. Redo default ACL creation using that functionality. -* The wallet client currently sets sync kaserver whenever writing a keytab - to a srvtab. This is correct for sites using kaserver and wrong for - everyone else. Remove or rethink this once Stanford's kaserver - migration is over. - -* The wallet client currently hard-codes a kvno of 0 in srvtabs, which is - correct for how kasetkey works but probably isn't correct for people - using Heimdal or MIT to serve both K4 and K5 from the same KDC. Rethink - once Stanford's kaserver migration is over. - * Add a hook to enforce ACL naming standards. Future work: |