Add notes from meeting

git-svn-id: svn://anonsvn.mit.edu/krb5/users/amb/referrals@18521 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/TODO b/TODO
index 2e5040af3feb2764a61e3895c82b29d370b199ed..1fadf7127e218eca62e1c933f3b9c5a4db0d3ffe 100644 (file)
--- a/TODO
+++ b/TODO
@@ -1,19 +1,47 @@
+from 21 aug 2006 meeting, notable screw cases and notes on same:
+
+- referrals which terminate at a non-referral-capable realm should retry
+  the final request without referrals turned on (the "referrals to MIT" case)
+- intermediate cross-realm TGTs should not be cached, only the final
+  service ticket, anything from the local KDC, and anything that came up
+  during the degenerate (walk_realm_tree) unreferred traversal case
+- "too many hops" failure can be a hard failure
+- TGT referrals per original 4120 spec should continue to Just Work
+  - the code path for this is different and doesn't check much.
+    is this a gaping hole waiting to be filled maliciously?
+- bug: principal parsing fails with zero-length realm
+- maybe bug: win->athena referrals don't work
+  - hey, wait, there's no cross-realm TGT there.  wacky.
+- the case where we make a default realm assumption is very important to
+  maintain the current functionality with
+- it's more important to minimize KDC round-trips and perform to
+  minimally functional spec than to make all possible (and probably
+  futile) fallbacks
+
 current:
 
 - now that we're getting real referral tickets handle them properly in krb5_get_cred_from_kdc_opt
 - referral-relevant credential checks in krb5_get_cred_via_tkt completely disabled; fix
+- verify that cached tickets work properly (it seems so)
+- rewrite verification to be more tightly-coupled to referral case
+- when should ccache be checked during referral process?  never?
 
 low-priority:
 
 - code (or explicitly punt) edge cases in krb5_get_cred_from_kdc_opt
 - add klist option to print actual credential principal
+- referral loop checking
+
+later, hopefully soon:
+- padata parsing
 
 final:
 
 - check namespace use with tom
 - review code for:
-  - string safety, particularly strcmp use
+  - string safety, particularly strcmp use -- nothing is guaranteed to be a string,
+    do not use string functions at all.
   - memory leaks
-- check assumptions on dereference of credential members
+- check assumptions on assumed dereferencability of credential members
 - code format
 - remove tracing/debugging code