[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Improvements and bug fixes
Daniel Kouril <firstname.lastname@example.org> writes:
> there are new patches for heimdal at http://www.ics.muni.cz/scb/devel/heimdal.
Thanks for the patches. I think Johan has taken care of most of them
already. But I had some questions...
> - verify.patch (a small fix in lib/auth/afskauthlib)
If I read the patch correctly, you do k_setpag() in both afs_verify
and verify_krb5 and verify_krb4. Does that really make sense? I
guess the interesting question here is we want to give every user that
uses this module a pag, and if so, it's easist just to do it once in
This code should really also use a temporary memory ccache before
writing it to disk.
> - rsh.patch
Do you think it worthwhile to have a warning here? The vanilla
version rsh does not seem to print a warning before execing rlogin.
The second part is just for when the user has requestes encryption and
we're using bsd-authentication, right? Shouldn't we print an error
> - win2k.patch (cooperation with MS Win2k)
the `if(buf)' part was bad. fixed.
I assume that w2k is unhappy with getting an salttype there? fixed too.
> - gssapi-delegation.patch adds token delegation to Heimdal implementation of
> gss-api. It needs rd_cred.patch.
applied. address_to_krb5addr.c had no copyright notice so I added the
standard KTH one, hope that's ok.
> - ftp-delegation.patch This patch enables using of delegated tokens in ftp.
> - ftppass.patch
I had forgotten that we did not have that.
About the part in dologout: don't you need KRB4 to have kafs
functions? And should wew not do krb5_cc_destroy?
> - login-otp.patch enables OTP authentication in login.
just a minor nit: please patch the Makefile.am and not Makefile.in. applied.
> - There are some problems with ticket forwarding to/from MIT apps, and
> to/from GSS apps. This patch tries to fix them. rd_cred.patch.
Applied, but I'm curious. When do you get crdentials with etype == NULL?