From e91c0b93355b28617f7c0d756026856762ece242 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Wed, 25 Aug 2010 18:01:37 -0700 Subject: Imported Upstream version 0.12 --- TODO | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) (limited to 'TODO') diff --git a/TODO b/TODO index 8370210..20b75fd 100644 --- a/TODO +++ b/TODO @@ -18,11 +18,6 @@ Client: * Add readline support to the wallet client to make it easier to issue multiple commands. - * Add support for rekeying in the wallet client. Need to resolve how to - get a list of principals to rekey and which keytabs to work on. This - possibly should be a separate binary from the regular wallet client - binary. - * Support authenticating with a keytab. * Allow store data to contain nuls. Requires rewriting the command @@ -87,6 +82,9 @@ ACLs: * Provide an API for verifiers to syntax-check the values before an ACL is set and implement syntax checking for the Krb5 verifier. + * Investigate how best to support client authentication using anonymous + PKINIT for things like initial system keying. + Database: * Fix case-insensitivity bug in unique keys with MySQL for objects. @@ -130,6 +128,19 @@ Objects: Reports: + * Add audit for references to unknown ACLs, possibly introduced by + previous versions before ACL deletion was checked with database + backends that don't do referential integrity. + + * Add report for all objects that have never been stored. + + * Add report of all ACLs with identical contents. + + * For objects tied to hostnames, report on objects referring to hosts + which do not exist. For the initial pass, this is probably only keytab + objects with names containing a slash where the part after the slash + looks like a hostname. This may need some configuration help. + * Make contrib/wallet-summary generic and include it in wallet-report, with additional configuration in Wallet::Config. Enhance it to report on any sort of object, not just on keytabs, and to give numbers on -- cgit v1.2.3