Difference between revisions of "Projects/Documentation Tasks"
From K5Wiki
< Projects
(RC4 vulnerability) |
m (→Administration) |
||
Line 170: | Line 170: | ||
|- |
|- |
||
| <ul><li>Realm renaming </ul>|| || || || |
| <ul><li>Realm renaming </ul>|| || || || |
||
+ | |- |
||
+ | | <ul><li> Forgot Kerberos Master Key|| GH || || || |
||
|- |
|- |
||
| Basic concepts (passwd policy, ticket ) || || || || |
| Basic concepts (passwd policy, ticket ) || || || || |
||
Line 204: | Line 206: | ||
|- |
|- |
||
|} |
|} |
||
− | |||
− | |||
== General == |
== General == |
Latest revision as of 09:28, 5 June 2013
This is an early stage project for MIT Kerberos. It is being fleshed out by its proponents. Feel free to help flesh out the details of this project. After the project is ready, it will be presented for review and approval.
Contents
Purpose
To keep track of the various tasks that need to be documented such as function documentation, administration, troubleshooting etc.
Application development
task | Proposed Author | Target Date | Reviewer | Reviewer Comments |
---|---|---|---|---|
Designing a new protocol, or extending existing one, to use GSS-API | ||||
Choosing security API | ||||
|
||||
|
||||
GSS-API | ||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
GH | 2012-10-01 | ||
|
||||
|
KR | |||
|
||||
Krb5 library guide | ||||
|
||||
|
KR | under review | ||
|
||||
|
TY | TBD | ||
|
KR | |||
|
||||
|
Completed task | Author | Date | Reviewer | Reviewer Comments |
---|---|---|---|---|
Choosing security API | ||||
|
GH | 2012-03-01 | ||
|
GH | 2012-10-01 | ||
Developing plugins | GH | 2012-03-08 | ||
|
||||
|
ZT reviewed profile plugin | |||
A more advanced introduction to using the Kerberos libraries for initial authentication, focusing on the authentication steps, validating initial credential | TY | 2012-04-27 | ||
MIT Kerberos features : quick facts | ZT | ongoing | ||
How to build Kerberos from source | ZT |
Administration
task | Proposed Author | Target Date | Reviewer | Reviewer Comments |
---|---|---|---|---|
Introduction to Kerberos system | ||||
|
TH | 2012-08-15 | in progress | |
|
TH | 2012-08-15 | ||
|
TH | 2012-08-15 | ||
|
TH | 2012-07-15 | in progress | |
Setting a new realm | ||||
|
||||
|
KR | |||
Choosing encryption types for principals | TY | 2012-12-14 | under review | |
Upgrading a Kerberos infrastructure (order, backward compatibility) | ||||
Integration Kerberos with Login System | ||||
|
||||
|
||||
|
||||
|
||||
|
||||
Cross-realm | ||||
|
||||
|
||||
|
||||
Performance | ||||
|
||||
|
||||
kadmin interface | ||||
|
||||
Using Smartcard with PKINIT | ||||
Kerberized ssh | ||||
|
||||
|
||||
A guide to principal naming basics and structure | ZT | 2013-03-01 | ||
Troubleshooting | ||||
|
ZT | ongoing | ||
|
||||
|
GH | |||
Basic concepts (passwd policy, ticket ) | ||||
Approaches to authorization -- centralized vs distributed, etc. |
Completed task | Author | Date | Reviewer | Reviewer Comments |
---|---|---|---|---|
Replication | ZT | |||
Reverse DNS | TY | 2012-12-12 | ||
Selecting and configuring plugins | GH | 2012-03-15 | ||
Anonymity support | GH | 2012-10-01 | ||
Trace logging | GH | 2012-03-22 | ||
Using LDAP server for Kerberos backend | ZT | Ubuntu 10.4 (lucid) | ||
Acceptable date and time formats | ZT | 2012-07-15 | ||
kadm5.acl man page | ZT | 2012-08-15 |
General
task | Proposed Author | Target Date | Reviewer | Reviewer Comments |
---|---|---|---|---|
Why Kerberos system is suitable for the internet, not only for the enterprise | TY | |||
Impact RC4 vulnerabilities on Kerberos | TY |
API documentation
Most commonly used API functions (in alphabetical order):
Completed API | Author | Reviewer | Date | Reviewer Comments |
---|---|---|---|---|
krb5_build_principal [1] | ZT | GH | ||
krb5_build_principal_alloc_va [2] | ZT | GH | ||
krb5_build_principal_ext [3] | ZT | GH | ||
krb5_cc_close [4] | ZT | GH | ||
krb5_cc_default [5] | ZT | GH | ||
krb5_cc_default_name [6] | ZT | GH | ||
krb5_cc_destroy [7] | ZT | GH | ||
krb5_cc_dup [8] | ZT | GH | ||
krb5_cc_get_name [9] | ZT | GH | ||
krb5_cc_get_principal [10] | ZT | GH | ||
krb5_cc_get_type [11] | ZT | GH | ||
krb5_cc_initialize [12] | ZT | GH | ||
krb5_cc_new_unique [13] | ZT | GH | ||
krb5_cc_resolve [14] | ZT | GH | ||
krb5_change_password [15] | ZT | GH | ||
krb5_free_context [16] | ZT | GH | ||
krb5_free_error_message [17] | ZT | GH | ||
krb5_free_principal [18] | ZT | GH | ||
krb5_fwd_tgt_cred [19] | ZT | GH | Needs example | |
krb5_get_default_realm [20] | ZT | GH | ||
krb5_get_error_message [21] | ZT | GH | ||
krb5_get_host_realm [22] | ZT | GH | ||
krb5_get_credentials [23] | ZT | GH | ||
krb5_get_fallback_host_realm [24] | ZT | GH | ||
krb5_get_init_creds_keytab [25] | ZT | GH | ||
krb5_get_init_creds_opt_alloc [26] | ZT | GH | ||
krb5_get_init_creds_opt_free [27] | ZT | GH | ||
krb5_get_init_creds_opt_get_fast_flags [28] | ZT | GH | ||
krb5_get_init_creds_opt_init [29] | ZT | GH | ||
krb5_get_init_creds_opt_set_address_list [30] | ZT | GH | ||
krb5_get_init_creds_opt_set_anonymous [31] | ZT | GH | ||
krb5_get_init_creds_opt_set_canonicalize [32] | ZT | GH | ||
krb5_get_init_creds_opt_set_change_password_prompt [33] | ZT | GH | ||
krb5_get_init_creds_opt_set_etype_list [34] | ZT | GH | ||
krb5_get_init_creds_opt_set_expire_callback [35] | ZT | GH | ||
krb5_get_init_creds_opt_set_fast_ccache [36] | ZT | GH | ||
krb5_get_init_creds_opt_set_fast_ccache_name [37] | ZT | GH | ||
krb5_get_init_creds_opt_set_fast_flags [38] | ZT | GH | ||
krb5_get_init_creds_opt_set_forwardable [39] | ZT | GH | ||
krb5_get_init_creds_opt_set_out_ccache [40] | ZT | GH | ||
krb5_get_init_creds_opt_set_pa [41] | ZT | GH | ||
krb5_get_init_creds_opt_set_preauth_list [42] | ZT | GH | ||
krb5_get_init_creds_opt_set_proxiable [43] | ZT | GH | ||
krb5_get_init_creds_opt_set_renew_life [44] | ZT | GH | ||
krb5_get_init_creds_opt_set_salt [45] | ZT | GH | ||
krb5_get_init_creds_opt_set_tkt_life [46] | ZT | GH | ||
krb5_get_init_creds_password [47] | ZT | GH | ||
krb5_get_profile [48] | ZT | GH | ||
krb5_get_prompt_types [49] | ZT | GH | ||
krb5_get_renewed_creds [50] | ZT | GH | ||
krb5_get_validated_creds [51] | ZT | GH | ||
krb5_init_context [52] | ZT | GH | ||
krb5_init_secure_context [53] | ZT | GH | ||
krb5_is_config_principal [54] | ZT | GH | ||
krb5_is_thread_safe [55] | ZT | GH | ||
krb5_kt_close [56] | ZT | GH | ||
krb5_kt_default [57] | ZT | GH | ||
krb5_kt_default_name [58] | ZT | GH | ||
krb5_kt_get_name [59] | ZT | GH | ||
krb5_kt_get_type [60] | ZT | GH | ||
krb5_kt_resolve [61] | ZT | GH | ||
krb5_kuserok [62] | ZT | GH | ||
krb5_parse_name [63] | ZT | GH | ||
krb5_parse_name_flags [64] | ZT | GH | ||
krb5_principal_compare [65] | ZT | GH | ||
krb5_principal_compare_any_realm [66] | ZT | GH | ||
krb5_principal_compare_flags [67] | ZT | GH | ||
krb5_prompter_posix [68] | ZT | GH | ||
krb5_realm_compare [69] | ZT | GH | ||
krb5_recvauth [70] | ZT | GH | ||
krb5_recvauth_version [71] | ZT | GH | ||
krb5_set_default_realm [72] | ZT | GH | ||
krb5_set_password [73] | ZT | GH | ||
krb5_set_password_using_ccache [74] | ZT | GH | ||
krb5_set_principal_realm [75] | ZT | GH | ||
krb5_set_trace_callback [76] | ZT | GH | ||
krb5_set_trace_filename [77] | ZT | GH | ||
krb5_sname_to_principal [78] | ZT | GH | ||
krb5_unparse_name [79] | ZT | GH | ||
krb5_unparse_name_ext [80] | ZT | GH | ||
krb5_unparse_name_flags [81] | ZT | GH | ||
krb5_unparse_name_flags_ext [82] | ZT | GH | ||
krb5_us_timeofday [83] | ZT | GH | ||
krb5_verify_authdata_kdc_issued [84] | ZT | GH |
We may want to have more examples for some of the common API functions.
Manpage proofreading
manpage | original | reviewer | comments |
---|---|---|---|
k5identity.5 | src/gen-manpages/k5identity.M | GH | |
k5login.5 | src/gen-manpages/k5login.M | GH | |
k5srvutil.1 | src/kadmin/cli/k5srvutil.M | GH | |
kadmin.1 | src/kadmin/cli/kadmin.M | GH | |
kadmind.8 | src/kadmin/server/kadmind.M | GH | |
kdb5_ldap_util.8 | src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.M | GH | |
kdb5_util.8 | src/kadmin/dbutil/kdb5_util.M | GH | |
kdc.conf.5 | src/config-files/kdc.conf.M | GH | |
kdestroy.1 | src/clients/kdestroy/kdestroy.M | GH | |
kinit.1 | src/clients/kinit/kinit.M | GH | |
kpasswd.1 | src/clients/kpasswd/kpasswd.M | GH | |
kprop.8 | src/slave/kprop.M | GH | |
kpropd.8 | src/slave/kpropd.M | GH | |
kproplog.8 | src/slave/kproplog.M | GH | |
krb5-send-pr.1 | src/util/send-pr/send-pr.1 | copyright issues. Removed from the documentation | |
krb5.conf.5 | src/config-files/krb5.conf.M | GH | |
krb5kdc.8 | src/kdc/krb5kdc.M | GH | |
ksu.1 | src/clients/ksu/ksu.M | GH | needs rewrite |
kswitch.1 | src/clients/kswitch/kswitch.M | GH | |
kvno.1 | src/clients/kvno/kvno.M | GH | |
sclient.1 | src/appl/sample/sclient/sclient.M | GH | |
sserver.8 | src/appl/sample/sserver/sserver.M | GH |
Abbreviations
abbreviation | full names? |
---|---|
GH | Greg Hudson |
KR | Ken Raeburn |
MIT | MITKC group |
NW | Nico Williams |
TH | Thomas Hardjono |
TY | Tom Yu |
ZT | Zhanna Tsitkov |