File: TODO

krb5-sync 3.1-2
  • area: main
  • in suites: bullseye, buster
  • size: 2,560 kB
  • sloc: sh: 11,750; ansic: 7,181; perl: 663; makefile: 135
                           krb5-sync To-Do List

General:

 * Look at http://code.google.com/p/krb5-adsync/ (based on this code) for
   what ideas can be incorporated back into this package.  Currently, code
   cannot be shared due to licensing reasons.

Plugin:

 * Support a list of accounts that should be synchronized instead of doing
   the configuration by instance.

 * In Heimdal, error reporting when the Active Directory configuration
   exists but the keytab does not is horrible.  Nothing is logged and the
   client just gets a generic failure message.

 * Support instance-specific roots, DN mappings, and transforms for
   accounts (such as would be needed for /sunet instances at Stanford).

 * Use krb5_chpw_message to parse AD replies.

Configuration:

 * krb5-sync-backend should get the path to Perl from configure.

 * Currently, the queue path is hard-coded in krb5-sync-backend even
   though for the plugin it's configurable in krb5.conf.
   krb5-sync-backend needs to be able to read the krb5.conf value somehow.

Test Suite:

 * Provide a way to point to a test realm for testing password change
   actions.

 * Mock out LDAP libraries to test pushing Active Directory status
   changes.

 * In krb5-sync-backend, search the user's PATH plus sbin directories for
   krb5-sync instead of hard-coding the path to it.

 * Add tests for krb5-sync-backend process and purge.  This may require a
   way to tell krb5-sync-backend which time to use when creating queue
   files instead of always using the current time.

 * Add tests for allowed instances.

 * Add tests for ad_base_instance, which will require initializing a local
   Kerberos database and pointing kadm5srv to it.