* configure
-use more careful checking before starting to use berkeley db. it only
-makes sense to do so if we have the appropriate library and the header
-file.
-
* appl
** appl/popper
-Implement RFC1731 and 1734, pop over GSS-API
-
-** appl/rsh
-
-add rcp program
+* doc
* kdc
-preferably use keys with default salt for v5 requests
-
* kadmin
-is in need of a major cleanup
+* kpasswdd
* lib
** lib/asn1
-prepend a prefix on all generated symbols
-
** lib/auth
-PAM
-
-** lib/gssapi
-
-process_context_token, display_status, add_cred, inquire_cred_by_mech,
-export_sec_context, import_sec_context, inquire_names_for_mech, and
-inquire_mechs_for_name not implemented.
+** lib/auth/sia
-only DES MAC MD5 and DES implemented.
+** lib/com_err
-set minor_status in all functions
+** lib/des
-init_sec_context: `initiator_cred_handle' and `time_req' ignored.
+** lib/gssapi
-anonymous credentials not implemented
+cache delegation credentials to avoid hitting the kdc ? require time
+stampless tickets, and was supported in the recv'ing end with 0.6.1.
-add 3des, rc4
+** lib/hdb
** lib/kadm5
** lib/krb5
-rewrite the lookup of KDCs to handle kerberos-<n> and not do any DNS
-requests if the information can be found locally. this requires stop
-using krb5_get_krbhst.
-
-the replay cache is, in its current state, not very useful
-
-always generates a new subkey in an authenticator
-
-should the sequence numbers be XORed?
-
-OTP?
-
-make checksum/encryption type configuration more realm-specific. make
-some simple way of handling the w2k situtation
+verify_user: handle non-secure verification failing because of
+host->realm mapping
** lib/roken
-
-getifaddrs