File: TODO

package info (click to toggle)
poldi 0.4.1-3
  • links: PTS
  • area: main
  • in suites: jessie, jessie-kfreebsd
  • size: 2,892 kB
  • ctags: 1,112
  • sloc: ansic: 9,554; sh: 4,684; makefile: 245; sed: 16
file content (36 lines) | stat: -rw-r--r-- 1,718 bytes parent folder | download | duplicates (4)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
Final:
* allow for Dirmngr to be started on demand (in pipe mode) (NO <- Why?!)

Low priority:
* allow user to skip card authentication without submitting a wrong
   PIN to the card, e.g. by entering an empty PIN? Return
   PAM_CRED_INSUFFICIENT in that case? PAM_AUTHINFO_UNAVAIL? PAM_AUTH_ERR?
* figure out what exactly the dependencies on the OpenPGP smartcard are.
* improve doc
* work on MIGRATION text
* fix install-conf-skeleton (does nothing for x509?)
* better (new?) error codes
* verify we don't need pam_sm_setcred; i still don't get what this
  call is needed for - most PAM modules in Linux-PAM implement it as a
  dummy.
* poldi shouldn't contain any global state (explain why), reference
  needed: as far as i understand it, PAM modules should be rather
  reentrant; at least thread safe.  so that applications do can call
  pam_authenticate without danger.
* conf skeleton for x509 method?
* do we want to respect conv_tell error codes or should it be void?
* give user a chance to enter PIN twice?
* check if information on Applications in the manual are still uptodate.
* figure what needs to be done for enabling LTSP logins through Poldi (interesting!)
* allow user to override scdaemon to use through environment variables
  or something (probably required for ltsp).
* what does "6 characters minimum" mean in openpgp-card.pdf? is it "bytes" or really "utf8 characters"?
* shall we really forbid to use non-digit characters in PIN?
* system wide scdaemon?
* disallow login in case of key expiration
* diplay expiration info before key is expired
* portability to non- GNU/Linux systems that support PAM
* workaround for older cards regarding public key retrival?

High priority:
* general audit