Release Meeting Minutes/2011-01-04

From K5Wiki

< Release Meeting Minutes

Jump to: navigation, search

Thomas Hardjono, Greg Hudson, Tom Yu, Zhanna Tsitkova, Sam Hartman, Will Fiveash

Some questions on #kerberos IRC, kpasswd IPv6 privacy addresses, NAT, etc. Some discussion about directional address transition.

krb5-1.9 patch release priorities

Greg: export_sec_context bug (Arlene Berry) high priority.

Tom: SAP? initiator-specific?

Sam: Yes. Think about running SAP gsstest program. Some fairly serious 1.8 bugs are just beginning to surface.

krb5-1.10 planning

Greg: Previously mentioned: Localization. Kernel subset. Pluggable configuration.

Sam: libkdc. Referrals (including IETF work). PKINIT hash agility. More automation around anonymous pkinit to enable OTP and general security improvements.

Greg: Auto-populate ccache (from keytabs, anon-PKINIT).

Greg: Might end up knowing KDC supports FAST, unable to use because client was misled about anon-PKINIT support.

Sam: If you assume keytab keys are strong, not hard on client.

Greg: Did we fix FAST PKINIT?

Sam: Thought we fixed in 1.8. (along with anon-PKINIT)

Greg: A comment in the code implies it's disabled.

Greg: Kernel subset: maybe not full drop-in (file moves, etc.), but build system changes to identify subset files and check dependencies.

Sam: Make it easy to use an arbitrary crypto library for that... people want to use kernel crypto library, etc.

Tom: Apple 64-bit #pragma pack issue.

Sam: It's complicated.

Retrieved from "https://k5wiki.kerberos.org./wiki?title=Release_Meeting_Minutes/2011-01-04&oldid=3743"

Release meeting minutes 2011

Navigation menu