logo_kerberos.gif

Release Meeting Minutes/2011-11-22

From K5Wiki
< Release Meeting Minutes
Revision as of 13:05, 29 November 2011 by TomYu (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


Will Fiveash, Carlos Garay, Thomas Hardjono, Sam Hartman, Greg Hudson, Simo Sorce, Zhanna Tsitkova, Tom Yu

Simo
Bug in directory server. 2 threads using same ccache at same time.
Greg
Need to use separate krb contexts. There might be some bugs.
Simo
Cross-realm trust with windows. Trying to validate PAC. Failing. Signature always fails to validate.
Sam
Greg, MD5 checksum bug we found at interop?
Greg
Is it using AES256 keys?
Simo
Don't know key types.
Greg
PACs always use HMAC-MD5 for all enctypes. Length issue. Fixed on trunk. Might not be pulled up yet.
Sam
SSSD ported to use new preauth interface?
Simo
Not yet.
Sam
Will have to open bug on Debian's SSSD about it becoming completely broken on krb5 update....
Simo
Only using KDC location plugin.
Greg
Working on OTP encoders based on Linus code. Want some way to text. Maybe PyASN1.
Sam
Might be better to use a tool that reads the actual ASN.1 notation in the RFC.
Tom
There are historical artifacts due to students misreading ASN.1.
Greg
2**31 nonce.
Sam
Issue written up by Ken. (KRB-SAFE/KRB-PRIV have weird interop issues) [krbdev.mit.edu #3196]
Sam
IETF. Need some focused work on general PAC. Maybe January-ish virtual meeting. (a WG session)

Thomas will get scheduled. 2nd week of January?

Sam
DHCP6. Unfortunately the AD has bounced it as unreadable. Steve Farrell cares about editorial quality.
Tom
Proposed some AD types.
Sam
Positive response.
Tom
Levels of Assurance -- verbose URNs. How about OIDs?
Sam
Maybe add a column to the registry.
Tom
1.10 release. issues?
Greg
OTP encoders in. Probably shouldn't impact schedule.
Sam
Revised FAST PKINIT; will commit soon. Typed data ordering.
Greg
Made pkinit look at all padata.
Sam
Windows -- signed builds? Project management updates. Cloase to alpha1 for KfW. Could set things up to pull entire built tree and run special target to sign. 3 phases: build, sign, copy back, copy installer...
Sam
Maybe broke existing versions of KfW. Probably find and remove old versions before installing.
Personal tools