[17044] in Kerberos_V5_Development

Re: What's missing in fast-otp?

daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Jul 18 10:11:39 2011

From: Greg Hudson <ghudson@mit.edu>
To: Linus Nordberg <linus@nordu.net>
In-Reply-To: <87pql7kcty.fsf@nordberg.se>
Date: Mon, 18 Jul 2011 10:11:33 -0400
Message-ID: <1310998293.23877.48.camel@t410>
Mime-Version: 1.0
Cc: "krbdev@mit.edu" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu

On Mon, 2011-07-18 at 08:11 -0400, Linus Nordberg wrote:
> - Dependencies -- we depend on libykclient and libcurl
> 
>   Is this acceptable?  With a configure option `--enable-plugin-otp'?

configure.in can just check for the dependency libraries and enable the
OTP plugin if they're found.  That's what we do for the securID plugin.

> - Code quality -- a review would be valuable

I will try to find time for this soon.

If you haven't already, please take a look at:
http://k5wiki.kerberos.org/wiki/Coding_style

> - Verification of KDC nonce -- trying to find out if the PA-FX-COOKIE
>   can help here.

My current belief is that we do not need to do any verification of the
nonce and we do not need a cookie.  I am pursuing this issue with Gareth
on krb-wg.

> - Standard compliance and completeness -- we're far from implementing
>   all of draft-ietf-krb-wg-otp-preauth

What is not implemented?  What kinds of tokens will be precluded by the
lack of support?

> - Test suite -- what's the preferred way of adding tests for this?

I'd suggest using src/tests/t_anonpkinit.py as a basis.  The framework
used for Python tests is in src/util/k5test.py and has fairly complete
documentation.

Other possible issues:

* Is there any way to set up this plugin for use without back-end
integration with IPA?  If not, this may make it difficult to create test
cases.

* Documentation, probably in doc/rst_source/krb_admins.  Obviously this
will be difficult to document usefully if IPA is required for use.


_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
