[17041] in Kerberos_V5_Development
What's missing in fast-otp?
daemon@ATHENA.MIT.EDU (Linus Nordberg)
Mon Jul 18 08:12:14 2011
To: krbdev@mit.edu
From: Linus Nordberg <linus@nordu.net>
Date: Mon, 18 Jul 2011 14:11:53 +0200
Message-ID: <87pql7kcty.fsf@nordberg.se>

Hi,

I'm working on getting branch fast-otp of
https://github.com/ln5/krb5-anonsvn (implementing
draft-ietf-krb-wg-otp-preauth) good enough for inclusion in MIT's repo.

What issues are there?

- Using two new krbExtraInfo types

    #define KRB5_TL_OTP_ID 0x0800 /* OTP token id */
    #define KRB5_TL_OTP_BLOB 0x1000 /* OTP binary blob */

  Greg on IRC: "It's on our list to create a more scalable extension for
  principal entries. (Possibly just a tl-data type containing a
  string/string mapping.)"

- Dependencies -- we depend on libykclient and libcurl

  Is this acceptable? With a configure option `--enable-plugin-otp'?

- Code quality -- a review would be valuable

- Verification of KDC nonce -- trying to find out if the PA-FX-COOKIE
  can help here.

- Standard compliance and completeness -- we're far from implementing
  all of draft-ietf-krb-wg-otp-preauth

- Test suite -- what's the preferred way of adding tests for this?

Thanks,
Linus