TODO revision 99060 
1Programming:
2- Grep for 'XXX' comments and fix
3
4- Link order is incorrect for some systems using Kerberos 4 and AFS. Result
5  is multiple inclusion of DES symbols. Holger Trapp 
6  <holger.trapp@hrz.tu-chemnitz.de> reports that changing the configure
7  generated link order from:
8	-lresolv -lkrb -lz -lnsl  -lutil -lkafs -lkrb -ldes -lcrypto
9  to:
10	-lresolv -lkrb -lz -lnsl  -lutil -lcrypto -lkafs -lkrb -ldes
11  fixing the problem.
12
13- Write a test program that calls stat() to search for EGD/PRNGd socket
14  rather than use the (non-portable) "test -S". 
15
16- Replacement for setproctitle() - HP-UX support only currently
17
18- Handle changing passwords for the non-PAM expired password case
19
20- Improve PAM support (a pam_lastlog module will cause sshd to exit)
21  and maybe support alternate forms of authenications like OPIE via
22  pam?
23
24- Rework PAM ChallengeResponseAuthentication
25 - Use kbdint request packet with 0 prompts for informational messages
26 - Use different PAM service name for kbdint vs regular auth (suggest from
27   Solar Designer)
28 - Ability to select which ChallengeResponseAuthentications may be used
29   and order to try them in e.g. "ChallengeResponseAuthentication skey, pam"
30
31- Complete Tru64 SIA support
32 - It looks like we could merge it into the password auth code to cut down
33   on diff size. Maybe PAM password auth too?
34
35- Finish integrating kernel-level auditing code for IRIX and SOLARIS
36  (Gilbert.r.loomis@saic.com)
37
38- sftp-server:  Rework to step down to 32bit ints if the platform
39  lacks 'long long' == 64bit (Notable SCO w/ SCO compiler)
40
41- Linux hangs for 20 seconds when you do "sleep 20&exit".  All current
42  solutions break scp or leaves processes hanging around after the ssh
43  connection has ended.  It seems to be linked to two things.  One
44  select() under Linux is not as nice as others, and two the children
45  of the shell are not killed on exiting the shell. Redhat have an excellent
46  description of this in their RPM package.
47
48- Build an automated test suite
49
50- 64-bit builds on HP-UX 11.X (stevesk@pobox.com):
51  - utmp/wtmp get corrupted (something in loginrec?)
52  - can't build with PAM (no 64-bit libpam yet)
53
54Documentation:
55- More and better
56
57- Install FAQ?
58
59- General FAQ on S/Key, TIS, RSA, RSA2, DSA, etc and suggestions on when it
60  would be best to use them.  
61
62- Create a Documentation/ directory?
63
64Clean up configure/makefiles:
65- Clean up configure.ac - There are a few double #defined variables
66  left to do.  HAVE_LOGIN is one of them.  Consider NOT looking for
67  information in wtmpx or utmpx or any of that stuff if it's not detected
68  from the start
69
70- Fails to compile when cross compile.
71  (vinschen@redhat.com)
72
73- Replace the whole u_intXX_t evilness in acconfig.h with something better???
74
75- Consider splitting the u_intXX_t test for sys/bitype.h  into seperate test
76  to allow people to (right/wrongfully) link against Bind directly.
77
78- Consider splitting configure.ac into seperate files which do logically
79  similar tests. E.g move all the type detection stuff into one file, 
80  entropy related stuff into another.
81
82Packaging:
83- Solaris: Update packaging scripts and build new sysv startup scripts
84  Ideally the package metadata should be generated by autoconf.
85  (gilbert.r.loomis@saic.com)
86
87- HP-UX: Provide DEPOT package scripts.
88  (gilbert.r.loomis@saic.com)
89
90
91PrivSep Issues:
92- mmap() issues.
93  + /dev/zero solution (Solaris)
94  + No/broken MAP_ANON (Irix)
95  + broken /dev/zero parse (Linux)
96- PAM 
97  + See above PAM notes
98- AIX
99  + usrinfo() does not set TTY, but only required for legicy systems.  Works
100    with PrivSep.
101- OSF
102  + SIA is broken
103- Cygwin
104  + Privsep for Pre-auth only (no fd passing)
105
106$Id: TODO,v 1.50 2002/06/25 17:12:27 mouring Exp $
107