Diffstat (limited to 'TODO')
| -rw-r--r-- | TODO | 25 | 
1 files changed, 15 insertions, 10 deletions
| @@ -41,9 +41,6 @@ Release 1.0:    -u option similar to leland_srvtab.  Needs good error messages on    Kerberos failures. -* The wallet client should read configuration information from krb5.conf, -  and possibly from some other configuration as well. -  * Error messages from ACL operations should refer to the ACLs by name    instead of by ID. @@ -101,6 +98,17 @@ Future work:  * Add a comment field for objects that can be set by the owner. +* The keytab backend currently only supports MIT Kerberos.  Add support +  for Heimdal.  This should probably be done by writing a separate class +  that handles the kadmin operations that can be subclassed and that +  dynamically chooses its implementation based on run-time configuration. + +* When reading configuration from krb5.conf, we should first try to +  determine our principal from any existing K5 ticket cache (after +  obtaining tickets if -u was given) and extract the realm from that +  principal, using it as the default realm when reading configuration +  information. +  * Implement an ssh keypair wallet object.  The server can run ssh-keygen    to generate a public/private key pair and return both to the client,    which would split them apart.  Used primarily for host keys.  May need a @@ -123,9 +131,6 @@ Future work:  * Add support for enforcing a naming policy through another policy    function. -* The keytab backend currently only supports MIT Kerberos.  Add support -  for Heimdal. -  * Add readline support to the wallet client to make it easier to issue    multiple commands. 
@@ -152,10 +157,6 @@ Future work:  * The Wallet::Config class is very ugly and could use some better internal    API to reference the variables in it. -* Consider using Class::Accessor to get rid of the scaffolding code to -  access object data, and a Wallet::Base class to handle things like the -  error() method common to many classes. -  * Use Class::DBI and Class::Trigger to handle the data access layer rather    than writing SQL directly, and implement the logging requirements with    triggers rather than explicit SQL.  This may also replace @@ -163,5 +164,9 @@ Future work:  May or may not be good ideas: +* Consider using Class::Accessor to get rid of the scaffolding code to +  access object data, and a Wallet::Base class to handle things like the +  error() method common to many classes. +  * Remove the hard-coded ADMIN ACL in the server with something more    configurable, perhaps a global ACL table or something. | 
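Review bot: In the hunk at @@ -101,6 +98,17 @@, the new krb5.conf item does not say what the client should do when there is no existing K5 ticket cache and -u was not given, so no principal is available to take a realm from. Suggest adding a sentence that names the fallback in that case, since the realm chosen here is used as the default realm when reading configuration information and the implementer should not have to guess it.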
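Review bot: In the hunk at @@ -163,5 +164,9 @@, the context line directly after the moved Class::Accessor item reads "Remove the hard-coded ADMIN ACL in the server with something more configurable", where "Remove ... with" should be "Replace ... with". The hunk already reorders this section, so the wording could be fixed in the same commit.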
