| TODO (99060) | TODO (106121) |
|---|---|
| 1Programming: 2- Grep for 'XXX' comments and fix 3 4- Link order is incorrect for some systems using Kerberos 4 and AFS. Result 5 is multiple inclusion of DES symbols. Holger Trapp 6 <holger.trapp@hrz.tu-chemnitz.de> reports that changing the configure 7 generated link order from: 8 -lresolv -lkrb -lz -lnsl -lutil -lkafs -lkrb -ldes -lcrypto --- 4 unchanged lines hidden (view full) --- 13- Write a test program that calls stat() to search for EGD/PRNGd socket 14 rather than use the (non-portable) "test -S". 15 16- Replacement for setproctitle() - HP-UX support only currently 17 18- Handle changing passwords for the non-PAM expired password case 19 20- Improve PAM support (a pam_lastlog module will cause sshd to exit) | 1Programming: 2- Grep for 'XXX' comments and fix 3 4- Link order is incorrect for some systems using Kerberos 4 and AFS. Result 5 is multiple inclusion of DES symbols. Holger Trapp 6 <holger.trapp@hrz.tu-chemnitz.de> reports that changing the configure 7 generated link order from: 8 -lresolv -lkrb -lz -lnsl -lutil -lkafs -lkrb -ldes -lcrypto --- 4 unchanged lines hidden (view full) --- 13- Write a test program that calls stat() to search for EGD/PRNGd socket 14 rather than use the (non-portable) "test -S". 15 16- Replacement for setproctitle() - HP-UX support only currently 17 18- Handle changing passwords for the non-PAM expired password case 19 20- Improve PAM support (a pam_lastlog module will cause sshd to exit) |
| 21 and maybe support alternate forms of authenications like OPIE via | 21 and maybe support alternate forms of authentications like OPIE via |
| 22 pam? 23 24- Rework PAM ChallengeResponseAuthentication 25 - Use kbdint request packet with 0 prompts for informational messages 26 - Use different PAM service name for kbdint vs regular auth (suggest from 27 Solar Designer) 28 - Ability to select which ChallengeResponseAuthentications may be used 29 and order to try them in e.g. "ChallengeResponseAuthentication skey, pam" --- 7 unchanged lines hidden (view full) --- 37 38- sftp-server: Rework to step down to 32bit ints if the platform 39 lacks 'long long' == 64bit (Notable SCO w/ SCO compiler) 40 41- Linux hangs for 20 seconds when you do "sleep 20&exit". All current 42 solutions break scp or leaves processes hanging around after the ssh 43 connection has ended. It seems to be linked to two things. One 44 select() under Linux is not as nice as others, and two the children | 22 pam? 23 24- Rework PAM ChallengeResponseAuthentication 25 - Use kbdint request packet with 0 prompts for informational messages 26 - Use different PAM service name for kbdint vs regular auth (suggest from 27 Solar Designer) 28 - Ability to select which ChallengeResponseAuthentications may be used 29 and order to try them in e.g. "ChallengeResponseAuthentication skey, pam" --- 7 unchanged lines hidden (view full) --- 37 38- sftp-server: Rework to step down to 32bit ints if the platform 39 lacks 'long long' == 64bit (Notable SCO w/ SCO compiler) 40 41- Linux hangs for 20 seconds when you do "sleep 20&exit". All current 42 solutions break scp or leaves processes hanging around after the ssh 43 connection has ended. It seems to be linked to two things. One 44 select() under Linux is not as nice as others, and two the children |
| 45 of the shell are not killed on exiting the shell. Redhat have an excellent 46 description of this in their RPM package. | 45 of the shell are not killed on exiting the shell. 46 A short run-down of what happens: 47 - The shell starts up, and starts its own session. As a side-effect, it 48 gets its own process group. 49 - The child forks off sleep, and because it's in the background, puts it 50 into its own process group. The sleep command inherits a copy of the 51 shell's descriptor for the tty as its stdout. 52 - The shell exits, but doesn't SIGHUP all of its child PIDs like it probably 53 should(?) 54 - The sshd server attempts to read from the master side of the pty, and 55 while there are still process with the pty open, no EOF is produced. 56 - The sleep command exits, closes its descriptor, sshd detects the EOF, and 57 the connection gets closed. 58 Ways we've tried fixing this in sshd, and why they didn't work out: 59 - SIGHUP the sshd's process group. 60 - The shell is in its own process group. 61 - Track process group IDs of all children before we reap them (via an extra 62 field in Session structures which holds the pgid for each child pid), and 63 SIGHUP the pgid when we reap. 64 - Background commands are in yet another process group. 65 - Close the connection when the child dies. 66 - Background commands may need to write data to the connection. Also 67 prematurely truncates output from some commands (scp server, the 68 famous "dd if=/dev/zero bs=1000 count=100" case). 69 Known workarounds: 70 - bash: shopt huponexit on 71 - tcsh: none 72 - zsh: setopt HUP (usually the default setting) 73 (taken from email from Jason Stone to openssh-unix-dev, 5 May 2001) 74 - pdksh: ? 75 This appears to affect NetKit rsh under Linux as well: it behaves the same 76 with 'sleep 20 & exit'. |
| 47 48- Build an automated test suite 49 50- 64-bit builds on HP-UX 11.X (stevesk@pobox.com): 51 - utmp/wtmp get corrupted (something in loginrec?) 52 - can't build with PAM (no 64-bit libpam yet) 53 54Documentation: --- 43 unchanged lines hidden (view full) --- 98- AIX 99 + usrinfo() does not set TTY, but only required for legicy systems. Works 100 with PrivSep. 101- OSF 102 + SIA is broken 103- Cygwin 104 + Privsep for Pre-auth only (no fd passing) 105 | 77 78- Build an automated test suite 79 80- 64-bit builds on HP-UX 11.X (stevesk@pobox.com): 81 - utmp/wtmp get corrupted (something in loginrec?) 82 - can't build with PAM (no 64-bit libpam yet) 83 84Documentation: --- 43 unchanged lines hidden (view full) --- 128- AIX 129 + usrinfo() does not set TTY, but only required for legicy systems. Works 130 with PrivSep. 131- OSF 132 + SIA is broken 133- Cygwin 134 + Privsep for Pre-auth only (no fd passing) 135 |
| 106$Id: TODO,v 1.50 2002/06/25 17:12:27 mouring Exp $ | 136$Id: TODO,v 1.51 2002/09/05 06:32:03 djm Exp $ |