$Id$
-* admin
-
-add some kind of remote admin protocol
-
-** kpasswd
+* configure
* appl
-more programs here
-
-** appl/rsh
-
-forwarding is not implemented at all.
-
-perhaps rsh and rshd should be able to handle `traditional'
- rsh-protocol as well.
-
-** appl/telnet
-
-forwarding not implemented.
-
-** appl/test
-
-should test more stuff
+** appl/popper
* doc
-there's some room for improvement here.
-
* kdc
-implement support for interoperability with kerberos V4.
+* kadmin
-needs a configuration file.
-
-* kuser
-
-** kinit
-
-misses lots of useful options.
-
-should try to give better error messages.
+* kpasswdd
* lib
** lib/asn1
-prepend a prefix on all generated symbols
-
** lib/auth
-PAM and afskauthlib
+** lib/auth/sia
-** lib/des
-
-md4, md5, and sha doesn't work on Crays.
+** lib/com_err
-** lib/editline
-
-** lib/error
+** lib/des
** lib/gssapi
-acquire_cred, release_cred, process_context_token, context_time,
-display_status, compare_names, export_name, inquire_cred,
-wrap_size_limit, add_cred, inquire_cred_by_mech, export_sec_context,
-import_sec_context, inquire_names_for_mech, inquire_mechs_for_name,
-canonicalize_name, and duplicate_name not implemented.
-
-import_name only understands GSS_C_NT_HOSTBASED_SERVICE and
-GSS_C_NO_OID.
-
-get_mic, wrap: always uses the remote_subkey
-
-only DES MAC MD5 and DES implemented.
-
-wrap and unwrap always uses DES for sealing even if conf is not
-requested.
-
-minor_status is never set
-
-init_sec_context: `initiator_cred_handle' and `time_req' ignored.
-
-accept_sec_context: the first principal in the srvtab is always used.
-
-accept_sec_context: `acceptor_cred_handle' is ignored.
-
-input channel bindings are not supported
-
-delegation not implemented
-
-anonymous credentials not implemented
+cache delegation credentials to avoid hitting the kdc ? require time
+stampless tickets, and was supported in the recv'ing end with 0.6.1.
** lib/hdb
-implement encryption of database entries and master keys.
-
-** lib/krb5
-
-replay cache not implemented
-
-the following encryption types have been implemented: DES-CBC-CRC,
-DES-CBC-MD4, DES-CBC-MD5
+** lib/kadm5
-supports the following checksums: CRC32, RSA-MD4, RSA-MD5,
-RSA-MD4-DES, RSA-MD5-DES
+add policies?
-always generates a new subkey in an authenticator
+fix to use rpc?
-probably leaks memory when errors occur
-
-should the sequence numbers be XORed?
-
-encryption and checksum type is still hardcoded in some places.
+** lib/krb5
-postdated, renewable, and forwardable tickets are not supported.
+verify_user: handle non-secure verification failing because of
+host->realm mapping
** lib/roken
-
-** lib/sl