TODO revision 99060
122347SpstProgramming: 222347Spst- Grep for 'XXX' comments and fix 322347Spst 422347Spst- Link order is incorrect for some systems using Kerberos 4 and AFS. Result 522347Spst is multiple inclusion of DES symbols. Holger Trapp 622347Spst <holger.trapp@hrz.tu-chemnitz.de> reports that changing the configure 722347Spst generated link order from: 822347Spst -lresolv -lkrb -lz -lnsl -lutil -lkafs -lkrb -ldes -lcrypto 922347Spst to: 1022347Spst -lresolv -lkrb -lz -lnsl -lutil -lcrypto -lkafs -lkrb -ldes 1122347Spst fixing the problem. 1222347Spst 1322347Spst- Write a test program that calls stat() to search for EGD/PRNGd socket 1422347Spst rather than use the (non-portable) "test -S". 1522347Spst 1622347Spst- Replacement for setproctitle() - HP-UX support only currently 1722347Spst 1822347Spst- Handle changing passwords for the non-PAM expired password case 1922347Spst 2022347Spst- Improve PAM support (a pam_lastlog module will cause sshd to exit) 2122347Spst and maybe support alternate forms of authenications like OPIE via 2222347Spst pam? 2322347Spst 2422347Spst- Rework PAM ChallengeResponseAuthentication 2522347Spst - Use kbdint request packet with 0 prompts for informational messages 2622347Spst - Use different PAM service name for kbdint vs regular auth (suggest from 2722347Spst Solar Designer) 2822347Spst - Ability to select which ChallengeResponseAuthentications may be used 2922347Spst and order to try them in e.g. "ChallengeResponseAuthentication skey, pam" 3022347Spst 3122347Spst- Complete Tru64 SIA support 3222347Spst - It looks like we could merge it into the password auth code to cut down 3322347Spst on diff size. Maybe PAM password auth too? 3422347Spst 3522347Spst- Finish integrating kernel-level auditing code for IRIX and SOLARIS 3622347Spst (Gilbert.r.loomis@saic.com) 3722347Spst 3822347Spst- sftp-server: Rework to step down to 32bit ints if the platform 3922347Spst lacks 'long long' == 64bit (Notable SCO w/ SCO compiler) 4022347Spst 4122347Spst- Linux hangs for 20 seconds when you do "sleep 20&exit". All current 4222347Spst solutions break scp or leaves processes hanging around after the ssh 4322347Spst connection has ended. It seems to be linked to two things. One 4422347Spst select() under Linux is not as nice as others, and two the children 4522347Spst of the shell are not killed on exiting the shell. Redhat have an excellent 4622347Spst description of this in their RPM package. 4722347Spst 4822347Spst- Build an automated test suite 4922347Spst 5022347Spst- 64-bit builds on HP-UX 11.X (stevesk@pobox.com): 5122347Spst - utmp/wtmp get corrupted (something in loginrec?) 5222347Spst - can't build with PAM (no 64-bit libpam yet) 5322347Spst 5422347SpstDocumentation: 5522347Spst- More and better 5622347Spst 5722347Spst- Install FAQ? 5822347Spst 5922347Spst- General FAQ on S/Key, TIS, RSA, RSA2, DSA, etc and suggestions on when it 6022347Spst would be best to use them. 6122347Spst 6222347Spst- Create a Documentation/ directory? 6322347Spst 6422347SpstClean up configure/makefiles: 6522347Spst- Clean up configure.ac - There are a few double #defined variables 6622347Spst left to do. HAVE_LOGIN is one of them. Consider NOT looking for 6722347Spst information in wtmpx or utmpx or any of that stuff if it's not detected 6822347Spst from the start 6922347Spst 7022347Spst- Fails to compile when cross compile. 7122347Spst (vinschen@redhat.com) 7222347Spst 7322347Spst- Replace the whole u_intXX_t evilness in acconfig.h with something better??? 7422347Spst 7522347Spst- Consider splitting the u_intXX_t test for sys/bitype.h into seperate test 7622347Spst to allow people to (right/wrongfully) link against Bind directly. 7722347Spst 7822347Spst- Consider splitting configure.ac into seperate files which do logically 7922347Spst similar tests. E.g move all the type detection stuff into one file, 8022347Spst entropy related stuff into another. 8122347Spst 82Packaging: 83- Solaris: Update packaging scripts and build new sysv startup scripts 84 Ideally the package metadata should be generated by autoconf. 85 (gilbert.r.loomis@saic.com) 86 87- HP-UX: Provide DEPOT package scripts. 88 (gilbert.r.loomis@saic.com) 89 90 91PrivSep Issues: 92- mmap() issues. 93 + /dev/zero solution (Solaris) 94 + No/broken MAP_ANON (Irix) 95 + broken /dev/zero parse (Linux) 96- PAM 97 + See above PAM notes 98- AIX 99 + usrinfo() does not set TTY, but only required for legicy systems. Works 100 with PrivSep. 101- OSF 102 + SIA is broken 103- Cygwin 104 + Privsep for Pre-auth only (no fd passing) 105 106$Id: TODO,v 1.50 2002/06/25 17:12:27 mouring Exp $ 107