wallet To-Do List

Release 1.0:

* Add a test suite for the wallet -u option.
* Write the LDAP entitlement ACL verifier.
* Write the PTS ACL verifier.
* Add POD testing for the client and server programs.
* Add POD coverage testing using Test::POD::Coverage for the server modules.
* Provide a way to get history for deleted objects and ACLs.
* Display ACL names rather than index numbers when displaying history of owner and acl_* settings.
* Provide a way to list all objects by type, by owner (including null), or by all uses of an ACL.
* Provide an interface to list all empty ACLs.
* Add a help function to wallet-backend listing the commands.
* The client may not compile against Heimdal due to changes in how the krb5_keyblock structure is laid out, the freeing of keytab entries, and the use of WRFILE for keytab merging. Check and fix.
* Rewrite the client test suite to use Perl and to make better use of shared code so that it can be broken into function components.
* Add a test suite for kasetkey.
* Catch exceptions on object creation in wallet-backend so that we can log those as well.
* Error messages from ACL operations should refer to the ACLs by name instead of by ID.
* Add the database schema version to a global table so that we can use it to support schema upgrades in the future.
* On upgrades, support adding new object types and ACL verifiers to the class tables.
* Move the methods to add additional class mappings from Wallet::Schema to Wallet::Admin.
* Implement store support in the wallet client. Add an option to read the data from a file. The initial implementation, depending on the underlying remctl support, may have to ban nul characters in the uploaded data.
* Implement a simple file wallet object. Document a naming convention for those files (group-service, perhaps).
* Rename Wallet::ACL::* to Wallet::Verifier::*. Add Wallet::ACL as a generic interface with Wallet::ACL::Database and Wallet::ACL::List implementations (or some similar name) so that we can create and check an ACL without having to write it into the database. Redo default ACL creation using that functionality.

Future work:

* Write a conventions document for ACL naming, object naming, and similar issues.
* Write a future design and roadmap document to collect notes about how unimplemented features should be handled.
* Support limiting returned history information by timestamp.
* Improve the error message for Kerberos authentication failures.
* Handle duplicate kvnos in a newly returned keytab and an existing keytab (such as when downloading an unchanging keytab and merging it into an existing one) in some reasonable fashion.
* Support removing old kvnos from a merged keytab (similar to kadmin ktremove old).
* There is a lot of duplicate code in wallet-backend. Convert that to use some sort of data-driven model with argument count and flags so that the method calls can be written only once. Convert wallet-admin to use the same code.
* There's a lot of code duplication in the dispatch functions in the Wallet::Server class. Find a way to rewrite that so that the dispatch doesn't duplicate the same code patterns.
* Refactor the test suite for the wallet backend to try to reduce the duplicated code.
* Pull common test suite code into a Perl library that can be reused.
* Add a function to wallet-admin to purge expired entries. Possibly also check expiration before allowing anyone to get or store objects.
* Add a comment field for objects that can be set by the owner.
* The keytab backend currently only supports MIT Kerberos. Add support for Heimdal. This should probably be done by writing a separate class that handles the kadmin operations that can be subclassed and that dynamically chooses its implementation based on run-time configuration.
* When reading configuration from krb5.conf, we should first try to determine our principal from any existing K5 ticket cache (after obtaining tickets if -u was given) and extract the realm from that principal, using it as the default realm when reading configuration information.
* Implement an ssh keypair wallet object. The server can run ssh-keygen to generate a public/private key pair and return both to the client, which would split them apart. Used primarily for host keys. May need a side table to store key types, or a naming convention.
* Implement an X.509 certificate object. I expect this would store the public and private key as a single file in the same format that Apache can read for combined public and private keys. There were requests for storing the CSR, but I don't see why you'd want to do that. Start with store support.
* Implement an X.509 CA so that you can get certificate objects without storing them first. Need to resolve naming conventions if you want to run multiple CAs on the same wallet server (but why?). Should this be a different type than stored certificates?
* Add details to design-api on how to write one's own ACL verifiers and object implementations and register them.
* Add readline support to the wallet client to make it easier to issue multiple commands.
* The wallet-backend and wallet documentation share the COMMANDS section. Work out some means to assemble the documentation without duplicating content.
* Add support for rekeying in the wallet client. Need to resolve how to get a list of principals to rekey and which keytabs to work on. This possibly should be a separate binary from the regular wallet client binary.
* Document using the wallet system over something other than remctl.
* Provide a REST implementation of the wallet server.
* Provide a CGI implementation of the wallet server.
* Document all diagnostics for all wallet APIs.
* Write a test suite to scan all wallet code looking for diagnostics that aren't in the documentation and warn about them.
* The Wallet::Config class is very ugly and could use some better internal API to reference the variables in it.
* Use Class::DBI and Class::Trigger to handle the data access layer rather than writing SQL directly, and implement the logging requirements with triggers rather than explicit SQL. This may also replace Wallet::Schema.
* Make contrib/wallet-report generic and include it in wallet-admin, with additional configuration in Wallet::Config. Enhance it to report on any sort of object, not just on keytabs, and to give numbers on downloaded versus not downloaded objects.

May or may not be good ideas:

* Consider using Class::Accessor to get rid of the scaffolding code to access object data, and a Wallet::Base class to handle things like the error() method common to many classes.
* Replace the hard-coded ADMIN ACL in the server with something more configurable, perhaps a global ACL table or something.
* When obtaining tickets in the wallet client with -u, should we get a TGT as we do now or just directly obtain the service ticket we're going to use for remctl?