From 2d33440272200cad20a5a4c58e5d8aa0dfad9a1f Mon Sep 17 00:00:00 2001
From: Russ Allbery <rra@stanford.edu>
Date: Tue, 9 Feb 2010 13:37:58 -0800
Subject: Remove kaserver synchronization support from the wallet client

The wallet client no longer enables kaserver synchronization when a
srvtab is requested with -S.  Instead, it just extracts the DES key
from the keytab and writes it to a srvtab.  It no longer forces the
kvno of the srvtab to 0 (a Stanford-specific action) and instead
preserves the kvno from the key in the keytab.  This should now do the
right thing for sites that use a KDC that serves both Kerberos v4 and
Kerberos v5 from the same database.
---
 TODO | 10 ----------
 1 file changed, 10 deletions(-)

(limited to 'TODO')

diff --git a/TODO b/TODO
index 7448019..1b1bd78 100644
--- a/TODO
+++ b/TODO
@@ -67,16 +67,6 @@ Release 1.0:
   an ACL without having to write it into the database.  Redo default ACL
   creation using that functionality.
 
-* The wallet client currently sets sync kaserver whenever writing a keytab
-  to a srvtab.  This is correct for sites using kaserver and wrong for
-  everyone else.  Remove or rethink this once Stanford's kaserver
-  migration is over.
-
-* The wallet client currently hard-codes a kvno of 0 in srvtabs, which is
-  correct for how kasetkey works but probably isn't correct for people
-  using Heimdal or MIT to serve both K4 and K5 from the same KDC.  Rethink
-  once Stanford's kaserver migration is over.
-
 * Add a hook to enforce ACL naming standards.
 
 Future work:
-- 
cgit v1.2.3