From: Andrew Boardman <amb@mit.edu>
Date: Fri, 25 Aug 2006 22:31:04 +0000 (+0000)
Subject: More to do after afternoon's meeting and testing
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ab42ce934966a0fada06d81f29bcfaf9f7d84284;p=thirdparty%2Fkrb5.git

More to do after afternoon's meeting and testing

git-svn-id: svn://anonsvn.mit.edu/krb5/users/amb/referrals@18543 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/TODO b/TODO
index fdc391c2e4..b51370e799 100644
--- a/TODO
+++ b/TODO
@@ -1,6 +1,8 @@
 questions:
 - should do_traversal code for old-style lookups still be requesting referrals?
   If so, within what scope should they actually be used?
+- Should we do the single non-referral fallback always or only on certain
+  KDC failure states?  Probably answer this from testing.
 
 current:
 - rewrite verification to be more tightly-coupled to referral case
@@ -9,6 +11,13 @@ current:
 - add error reporting to end of gc_from_kdc
 - deal with fetching remote TGTs after all before referrals
   - this is needed in domain_realm case
+- tgs-req realm needs to match server realm; requesting an ATHENA.MIT.EDU
+  ticket, say, from NOT.MS.MIT.EDU, fails
+  - rewrite initial TGS request
+- rewrite service realm before ticket goes back so that future requests
+  will hit on ccache
+  - testable with "kvno host/argos.mit.edu@NOT.MS.MIT.EDU"
+- write up understanding of current referral scheme to krbcore
 
 bug fixes:
 - kvno crashes freeing in_cred after the call completes.  why is this?