TODO revision 124208 
1Documentation:
2
3- Update the docs
4  - Update README
5  - Update INSTALL
6  - Merge INSTALL & README.privsep
7
8- Install FAQ?
9
10- General FAQ on S/Key, TIS, RSA, RSA2, DSA, etc and suggestions on when it
11  would be best to use them.  
12
13- Create a Documentation/ directory?
14
15Programming:
16
17- Grep for 'XXX' comments and fix
18
19- Link order is incorrect for some systems using Kerberos 4 and AFS. Result
20  is multiple inclusion of DES symbols. Holger Trapp 
21  <holger.trapp@hrz.tu-chemnitz.de> reports that changing the configure
22  generated link order from:
23	-lresolv -lkrb -lz -lnsl  -lutil -lkafs -lkrb -ldes -lcrypto
24  to:
25	-lresolv -lkrb -lz -lnsl  -lutil -lcrypto -lkafs -lkrb -ldes
26  fixing the problem.
27
28- Write a test program that calls stat() to search for EGD/PRNGd socket
29  rather than use the (non-portable) "test -S". 
30
31- More platforms for for setproctitle() emulation (testing needed)
32
33- Handle changing passwords for the non-PAM expired password case
34
35- Improve PAM support (a pam_lastlog module will cause sshd to exit)
36  and maybe support alternate forms of authentications like OPIE via
37  pam?
38
39- Improve PAM ChallengeResponseAuthentication
40 - Informational messages
41 - chauthtok
42 - Use different PAM service name for kbdint vs regular auth (suggest from
43   Solar Designer)
44 - Ability to select which ChallengeResponseAuthentications may be used
45   and order to try them in e.g. "ChallengeResponseAuthentication skey, pam"
46
47- Complete Tru64 SIA support
48 - It looks like we could merge it into the password auth code to cut down
49   on diff size. Maybe PAM password auth too?
50
51- Finish integrating kernel-level auditing code for IRIX and SOLARIS
52  (Gilbert.r.loomis@saic.com)
53
54- 64-bit builds on HP-UX 11.X (stevesk@pobox.com):
55  - utmp/wtmp get corrupted (something in loginrec?)
56  - can't build with PAM (no 64-bit libpam yet)
57
58Clean up configure/makefiles:
59- Clean up configure.ac - There are a few double #defined variables
60  left to do.  HAVE_LOGIN is one of them.  Consider NOT looking for
61  information in wtmpx or utmpx or any of that stuff if it's not detected
62  from the start
63
64- Fails to compile when cross compile. (vinschen@redhat.com)
65
66- Replace the whole u_intXX_t evilness in acconfig.h with something better???
67 - Do it in configure.ac
68
69- Consider splitting the u_intXX_t test for sys/bitype.h  into seperate test
70  to allow people to (right/wrongfully) link against Bind directly.
71
72- Consider splitting configure.ac into seperate files which do logically
73  similar tests. E.g move all the type detection stuff into one file, 
74  entropy related stuff into another.
75
76Packaging:
77- Solaris: Update packaging scripts and build new sysv startup scripts
78  Ideally the package metadata should be generated by autoconf.
79  (gilbert.r.loomis@saic.com)
80
81- HP-UX: Provide DEPOT package scripts.
82  (gilbert.r.loomis@saic.com)
83
84PrivSep Issues:
85- mmap() issues.
86  + /dev/zero solution (Solaris)
87  + No/broken MAP_ANON (Irix)
88  + broken /dev/zero parse (Linux)
89- PAM 
90  + See above PAM notes
91- AIX
92  + usrinfo() does not set TTY, but only required for legacy systems.  Works
93    with PrivSep.
94- OSF
95  + SIA is broken
96- Cygwin
97  + Privsep for Pre-auth only (no fd passing)
98
99$Id: TODO,v 1.55 2003/06/11 13:56:41 dtucker Exp $
100