
Re: Improvements and bug fixes



Daniel Kouril <kouril@ics.muni.cz> writes:
> Hello,

Hi there.

> there are new patches for heimdal at http://www.ics.muni.cz/scb/devel/heimdal.

Thanks for the patches.  I think Johan has taken care of most of them
already.  But I had some questions...

> - verify.patch (a small fix in lib/auth/afskauthlib)

If I read the patch correctly, you do k_setpag() in both afs_verify
and verify_krb5 and verify_krb4.  Does that really make sense?  I
guess the interesting question here is whether we want to give every user that
uses this module a pag, and if so, it's easiest just to do it once in
afs_verify.

This code should really also use a temporary memory ccache before
writing it to disk.

> - rsh.patch

Do you think it worthwhile to have a warning here?  The vanilla
version rsh does not seem to print a warning before execing rlogin.

The second part is just for when the user has requested encryption and
we're using bsd-authentication, right?  Shouldn't we print an error
instead?

> - win2k.patch (cooperation with MS Win2k)

the `if(buf)' part was bad.  fixed.

I assume that w2k is unhappy with getting a salttype there?  fixed too.

> - gssapi-delegation.patch adds token delegation to Heimdal implementation of
>     gss-api. It needs rd_cred.patch. 

applied.  address_to_krb5addr.c had no copyright notice so I added the
standard KTH one, hope that's ok.

> - ftp-delegation.patch This patch enables using of delegated tokens in ftp. 

applied

> - ftppass.patch

I had forgotten that we did not have that.

About the part in dologout: don't you need KRB4 to have kafs
functions?  And should we not do krb5_cc_destroy?

> - login-otp.patch enables OTP authentication in login. 

just a minor nit: please patch the Makefile.am and not Makefile.in.  applied.

> - There are some problems with ticket forwarding to/from MIT apps, and
>     to/from GSS apps. This patch tries to fix them. rd_cred.patch. 

Applied, but I'm curious.  When do you get credentials with etype == NULL?

Thanks again.

/assar