-- Dual Auth Support
- Try Kerberos V5 and then V4 or visa versa.
-
-- Save Creds/Tickets
- Retrieve and store krbtgt and set env variable of file path.
-
- Cleanup Daemon
Maybe write some little cleanup daemon to clean up ticket files.
-- Set Path for Storage of Temp Files
- Storage of ticket files, and maybe others at some point.
-
- Verify Krb5 Ticket
Currently www/hostname.
Can I do this with Krb4?
+ Yes apparently! See bug report from Ken Raeburn.
-- Ability to Set Realm in Config
+* Ability to Set Realm in Config
Not compiled in anymore.
Maybe some form of multiple realms specifiable?
-- Settable Location of Keytab/Srvtab
+* Settable Location of Keytab/Srvtab
Again, in config instead of compiled in.
-- Authoritative Support
- If Kerberos check fails, don't fall through to other modules.
-
-- Lifetime Settable
- Set lifetime of tickets in config.
-
-- Default Instance
- You can make it so that 'by default', a user's daniel/root or
- daniel/www instance is auth'd against instead of just daniel.
-
-- Any Instance
- Allow for specification of daniel/root or daniel/admin.
- If off, only checks against defaultinstance instance.
+- Require Instance
+ We'll allow for a 'require instance ......'.
- Expire Reauth
Set a lifetime on tickets, and after expiration, tries to -force-
a reauth (brings up login/password window)
-- Auth Fail Status
- Set how a failure fails. Forbidden or Unauthorized.
+- Browser Mutual Auth Support
+ Combined with plugins, use auth user already has.
+ - implement support for the Negotiate authentication method
+
+- Environment Variables
+ KRB5CCNAME, KRBTKFILE
+ KRB_PRINC_NAME?
+ Re: msg 266 Christopher Lindsey
+
+- Multi-Realm Support
+ require realm EOS.NCSU.EDU maybe?
+
+- HEIMDAL Support
+ Mods to make sure it works with the HEIMDAL releases.
+
+- Mods To Work With STRONGHOLD and SSL
+
+- Guards Against Replay Attack Checks?
+ Re: msg 249 Fabian Ritzmann
+ Maybe some form of cookie support?
+
+- KRB5LEGACY Check
+ Need to make sure it works with older Krb's
+
+- Provide "Logout" Sample Script
+ PHP, maybe perl, who knows.
+ Sample PHP one in mail.
-- Forwardable/Renewable Tickets
- Setting in config.
+- Functional README's and INSTALL's