Difference between revisions of "Projects/Documentation Tasks"
From K5Wiki
< Projects
m |
(Updated the list based on the Russ Allbery review of the topics) |
||
| Line 71: | Line 71: | ||
| <ul><li> Delegating credentials</ul>|| MIT || || || |
| <ul><li> Delegating credentials</ul>|| MIT || || || |
||
|- |
|- |
||
| − | | <ul><li> Available extensions</ul>|| |
+ | | <ul><li> Available extensions</ul>|| || || || |
|- |
|- |
||
| <ul><li> Thread safety</ul>|| || || || |
| <ul><li> Thread safety</ul>|| || || || |
||
| + | |- |
||
| + | | <ul><li> Validating the flags set on the connection to ensure things like mutual authentication, confidentiality, integrity, replay protection, and sequence protection</ul>|| || || || |
||
|- |
|- |
||
| Developing plugins|| GH || || || |
| Developing plugins|| GH || || || |
||
| Line 84: | Line 86: | ||
|- |
|- |
||
| <ul><li> A more advanced introduction to using the Kerberos libraries for initial authentication, focusing on the authentication steps, validating initial credential</ul>|| TY || || || |
| <ul><li> A more advanced introduction to using the Kerberos libraries for initial authentication, focusing on the authentication steps, validating initial credential</ul>|| TY || || || |
||
| + | |- |
||
| + | | <ul><li> Kerberos prompter behavior</ul>|| || || || |
||
|- |
|- |
||
| <ul><li> An introduction to ticket caches and keytabs and their corresponding APIs </ul>|| || || || |
| <ul><li> An introduction to ticket caches and keytabs and their corresponding APIs </ul>|| || || || |
||
| Line 92: | Line 96: | ||
|- |
|- |
||
| <ul><li> Thread safety</ul>|| || || || |
| <ul><li> Thread safety</ul>|| || || || |
||
| + | |- |
||
| + | | <ul><li> Password change including the automatic internal support for password change on expired passwords if a prompter is provided</ul>|| || || || |
||
| + | |- |
||
| + | | <ul><li> krb5_appdefault_* functions and their alternatives </ul>|| || || || |
||
|- |
|- |
||
| MIT Kerberos features : quick facts || ZT || || || ongoing |
| MIT Kerberos features : quick facts || ZT || || || ongoing |
||
| Line 115: | Line 123: | ||
|- |
|- |
||
|<ul><li>Replication</ul>|| || || || |
|<ul><li>Replication</ul>|| || || || |
||
| + | |- |
||
| + | |<ul><li> DNS configuration and SRV records - how they are used, in what order</ul>|| || || || |
||
|- |
|- |
||
| Integration Kerberos with Login System|| || || || |
| Integration Kerberos with Login System|| || || || |
||
| + | |- |
||
| + | | <ul><li> Difference between real Kerberos authentication, Kerberos password verification on the server side, and "LDAP authentication" in a Kerberos environment</ul>|| || || || |
||
|- |
|- |
||
| <ul><li> Validating Kerberos tickets</ul>|| || || || |
| <ul><li> Validating Kerberos tickets</ul>|| || || || |
||
| Line 129: | Line 141: | ||
|- |
|- |
||
| <ul><li>cross-realm interaction with AD </ul>|| || || || |
| <ul><li>cross-realm interaction with AD </ul>|| || || || |
||
| + | |- |
||
| + | | <ul><li> Transitive trust</ul>|| || || || |
||
| + | |- |
||
| + | | <ul><li> Referrals</ul>|| || || || |
||
|- |
|- |
||
| Performance|| || || || |
| Performance|| || || || |
||
| Line 136: | Line 152: | ||
| <ul><li> Performance tradeoffs</ul>|| || || || |
| <ul><li> Performance tradeoffs</ul>|| || || || |
||
|- |
|- |
||
| − | | |
+ | | kadmin interface|| || || || |
| + | |- |
||
| + | | <ul><li> Keying workstation/ host key setting</ul>|| || || || |
||
|- |
|- |
||
| Using Smartcard with PKINIT|| || || || |
| Using Smartcard with PKINIT|| || || || |
||
| Line 157: | Line 173: | ||
|- |
|- |
||
| <ul><li>Trace logging</ul>||GH || || || |
| <ul><li>Trace logging</ul>||GH || || || |
||
| + | |- |
||
| + | | <ul><li>Realm renaming </ul>|| || || || |
||
|- |
|- |
||
| Using LDAP server for Kerberos backend|| ZT || || || Ubuntu 10.4 (lucid) |
| Using LDAP server for Kerberos backend|| ZT || || || Ubuntu 10.4 (lucid) |
||
Revision as of 12:21, 27 September 2011
This is an early stage project for MIT Kerberos. It is being fleshed out by its proponents. Feel free to help flesh out the details of this project. After the project is ready, it will be presented for review and approval.
Contents
Purpose
To keep track of the various tasks that need to be documented such as function documentation, administration, troubleshooting etc.
| Doc-type/Reader | Architectural Guide | Setup & Config of Kerberos | Admin & Operations of Kerberos | Custom Build | API Description | API Details |
|---|---|---|---|---|---|---|
| End-users | ||||||
| Architects | ||||||
| System Admins | ||||||
| Application Developers | ||||||
| GSSAPI Developers | ||||||
| Kerberos Developers |
Application development
| task | who writes? | who reviews? | reviewed? | comments |
|---|---|---|---|---|
| Designing a new protocol, or extending existing one, to use GSS-API | ||||
| Choosing security API | ||||
|
||||
|
||||
| GSS-API | ||||
|
||||
|
||||
|
||||
|
GH | |||
|
||||
|
||||
|
||||
|
MIT | |||
|
||||
|
||||
|
||||
| Developing plugins | GH | |||
|
||||
|
||||
| Krb5 library guide | ||||
|
TY | |||
|
||||
|
||||
|
||||
|
TY | |||
|
||||
|
||||
|
||||
| MIT Kerberos features : quick facts | ZT | ongoing |
Administration
| task | who writes? | who reviews? | reviewed? | comments |
|---|---|---|---|---|
| Setting a new realm | ||||
|
||||
|
||||
|
||||
| Integration Kerberos with Login System | ||||
|
||||
|
||||
|
||||
|
||||
|
||||
| Cross-realm | ||||
|
||||
|
||||
|
||||
| Performance | ||||
|
||||
|
||||
| kadmin interface | ||||
|
||||
| Using Smartcard with PKINIT | ||||
| Kerberized ssh | ||||
|
||||
|
||||
| Selecting and configuring plugins | GH | |||
| Anonymity support | ||||
| A guide to principal naming basics and structure | ||||
| Troubleshooting | ||||
|
ZT | ongoing | ||
|
GH | |||
|
||||
| Using LDAP server for Kerberos backend | ZT | Ubuntu 10.4 (lucid) |
API documentation
Most commonly used API functions (in alphabetical order)
| API | who writes? | who reviews? | reviewed? | comments |
|---|---|---|---|---|
| krb5_build_principal [1] | ZT | GH | ||
| krb5_build_principal_alloc_va [2] | ZT | GH | ||
| krb5_build_principal_ext [3] | ZT | GH | ||
| krb5_cc_close [4] | ZT | GH | ||
| krb5_cc_default [5] | ZT | GH | ||
| krb5_cc_default_name [6] | ZT | GH | ||
| krb5_cc_destroy [7] | ZT | GH | ||
| krb5_cc_dup [8] | ZT | GH | ||
| krb5_cc_get_name [9] | ZT | GH | ||
| krb5_cc_get_principal [10] | ZT | GH | ||
| krb5_cc_get_type [11] | ZT | GH | ||
| krb5_cc_initialize [12] | ZT | GH | ||
| krb5_cc_new_unique [13] | ZT | GH | ||
| krb5_cc_resolve [14] | ZT | GH | ||
| krb5_change_password [15] | ZT | GH | ||
| krb5_free_context [16] | ZT | GH | ||
| krb5_free_error_message [17] | ZT | GH | ||
| krb5_free_principal [18] | ZT | GH | ||
| krb5_fwd_tgt_cred [19] | ZT | GH | Needs example | |
| krb5_get_default_realm [20] | ZT | GH | ||
| krb5_get_error_message [21] | ZT | GH | ||
| krb5_get_host_realm [22] | ZT | GH | ||
| krb5_get_credentials [23] | ZT | GH | ||
| krb5_get_fallback_host_realm [24] | ZT | GH | ||
| krb5_get_init_creds_keytab [25] | ZT | GH | ||
| krb5_get_init_creds_opt_alloc [26] | ZT | GH | ||
| krb5_get_init_creds_opt_free [27] | ZT | GH | ||
| krb5_get_init_creds_opt_get_fast_flags [28] | ZT | GH | ||
| krb5_get_init_creds_opt_init [29] | ZT | GH | ||
| krb5_get_init_creds_opt_set_address_list [30] | ZT | GH | ||
| krb5_get_init_creds_opt_set_anonymous [31] | ZT | GH | ||
| krb5_get_init_creds_opt_set_canonicalize [32] | ZT | GH | ||
| krb5_get_init_creds_opt_set_change_password_prompt [33] | ZT | GH | ||
| krb5_get_init_creds_opt_set_etype_list [34] | ZT | GH | ||
| krb5_get_init_creds_opt_set_expire_callback [35] | ZT | GH | ||
| krb5_get_init_creds_opt_set_fast_ccache [36] | ZT | GH | ||
| krb5_get_init_creds_opt_set_fast_ccache_name [37] | ZT | GH | ||
| krb5_get_init_creds_opt_set_fast_flags [38] | ZT | GH | ||
| krb5_get_init_creds_opt_set_forwardable [39] | ZT | GH | ||
| krb5_get_init_creds_opt_set_out_ccache [40] | ZT | GH | ||
| krb5_get_init_creds_opt_set_pa [41] | ZT | GH | ||
| krb5_get_init_creds_opt_set_preauth_list [42] | ZT | GH | ||
| krb5_get_init_creds_opt_set_proxiable [43] | ZT | GH | ||
| krb5_get_init_creds_opt_set_renew_life [44] | ZT | GH | ||
| krb5_get_init_creds_opt_set_salt [45] | ZT | GH | ||
| krb5_get_init_creds_opt_set_tkt_life [46] | ZT | GH | ||
| krb5_get_init_creds_password [47] | ZT | GH | ||
| krb5_get_profile [48] | ZT | GH | ||
| krb5_get_prompt_types [49] | ZT | GH | ||
| krb5_get_renewed_creds [50] | ZT | GH | ||
| krb5_get_validated_creds [51] | ZT | GH | ||
| krb5_init_context [52] | ZT | GH | ||
| krb5_init_secure_context [53] | ZT | GH | ||
| krb5_is_config_principal [54] | ZT | GH | ||
| krb5_is_thread_safe [55] | ZT | GH | ||
| krb5_kt_close [56] | ZT | GH | ||
| krb5_kt_default [57] | ZT | GH | ||
| krb5_kt_default_name [58] | ZT | GH | ||
| krb5_kt_get_name [59] | ZT | GH | ||
| krb5_kt_get_type [60] | ZT | GH | ||
| krb5_kt_resolve [61] | ZT | GH | ||
| krb5_kuserok [62] | ZT | GH | ||
| krb5_parse_name [63] | ZT | GH | ||
| krb5_parse_name_flags [64] | ZT | GH | ||
| krb5_principal_compare [65] | ZT | GH | ||
| krb5_principal_compare_any_realm [66] | ZT | GH | ||
| krb5_principal_compare_flags [67] | ZT | GH | ||
| krb5_prompter_posix [68] | ZT | GH | ||
| krb5_realm_compare [69] | ZT | GH | ||
| krb5_recvauth [70] | ZT | GH | ||
| krb5_recvauth_version [71] | ZT | GH | ||
| krb5_set_default_realm [72] | ZT | GH | ||
| krb5_set_password [73] | ZT | GH | ||
| krb5_set_password_using_ccache [74] | ZT | GH | ||
| krb5_set_principal_realm [75] | ZT | GH | ||
| krb5_set_trace_callback [76] | ZT | GH | ||
| krb5_set_trace_filename [77] | ZT | GH | ||
| krb5_sname_to_principal [78] | ZT | GH | ||
| krb5_unparse_name [79] | ZT | GH | ||
| krb5_unparse_name_ext [80] | ZT | GH | ||
| krb5_unparse_name_flags [81] | ZT | GH | ||
| krb5_unparse_name_flags_ext [82] | ZT | GH | ||
| krb5_us_timeofday [83] | ZT | GH | ||
| krb5_verify_authdata_kdc_issued [84] | ZT | GH |
Abbreviations
| abbreviation | full names? |
|---|---|
| GH | Greg Hudson |
| MIT | MITKC group |
| TY | Tom Yu |
| ZT | Zhanna Tsitkova |
