logo_kerberos.gif

Release Meeting Minutes/2011-01-04

From K5Wiki
< Release Meeting Minutes
Revision as of 16:32, 10 January 2011 by TomYu (talk | contribs) (New page: {{minutes|2011}} Thomas Hardjono, Greg Hudson, Tom Yu, Zhanna Tsitkova, Sam Hartman, Will Fiveash Some questions on <code>#kerberos</code> IRC, kpasswd IPv6 privacy addresses, NAT, etc. ...)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


Thomas Hardjono, Greg Hudson, Tom Yu, Zhanna Tsitkova, Sam Hartman, Will Fiveash

Some questions on #kerberos IRC, kpasswd IPv6 privacy addresses, NAT, etc. Some discussion about directional address transition.

krb5-1.9 patch release priorities

Greg
export_sec_context bug (Arlene Berry) high priority.
Tom
SAP? initiator-specific?
Sam
Yes. Think about running SAP gsstest program. Some fairly serious 1.8 bugs are just beginning to surface.

krb5-1.10 planning

Greg
Previously mentioned: Localization. Kernel subset. Pluggable configuration.
Sam
libkdc. Referrals (including IETF work). PKINIT hash agility. More automation around anonymous pkinit to enable OTP and general security improvements.
Greg
Auto-populate ccache (from keytabs, anon-PKINIT).
Greg
Might end up knowing KDC supports FAST, unable to use because client was misled about anon-PKINIT support.
Sam
If you assume keytab keys are strong, not hard on client.
Greg
Did we fix FAST PKINIT?
Sam
Thought we fixed in 1.8. (along with anon-PKINIT)
Greg
A comment in the code implies it's disabled.
Greg
Kernel subset: maybe not full drop-in (file moves, etc.), but build system changes to identify subset files and check dependencies.
Sam
Make it easy to use an arbitrary crypto library for that... people want to use kernel crypto library, etc.
Tom
Apple 64-bit #pragma pack issue.
Sam
It's complicated.