Release Meeting Minutes/2012-02-14
Will Fiveash, Carlos Garay, Thomas Hardjono, Greg Hudson, Nathaniel McCallum, Simo Sorce, Zhanna Tsitkova, Tom Yu
- Use -Bgroup or RTLD_DEEPBIND on Linux
- sshd on Solaris links gss but dlopens krb5. no RTLD_GROUP in libpam source on Solaris.
- RTLD_GROUP is unfriendly to module developers; they have to do extra work.
- Could try making glibc devs fix it.
- SSSD only depends on libc. Pipes to other stuff.
- Document this mess?
- Maybe on the wiki.
- Could clean up my minimal test case to demo problem.
- Where is RTLD_GROUP checked?
- If dlfcn.h has it, we assume it works.
- Preauth sets? No existing plan for 1.11. 3 pieces:
- FAST cookies
- Flexible KDC configuration for preauth requirements per principal
- Actual preauth sets
- OTP uses the armor key as reply key. In some ways this is weaker than SAM2 with password.
- collect-pin / do-not-collect-pin / separate-pin-required. Separate means 2 prompts. Insert into otp-pin / otp-value fields. collect-pin -- PIN will always be part of key generation. Think PIN should always be included.