Release Meeting Minutes/2011-01-04
From K5Wiki
Thomas Hardjono, Greg Hudson, Tom Yu, Zhanna Tsitkova, Sam Hartman, Will Fiveash
Some questions on #kerberos
IRC, kpasswd IPv6 privacy addresses, NAT, etc. Some discussion about directional address transition.
krb5-1.9 patch release priorities
- Greg
- export_sec_context bug (Arlene Berry) high priority.
- Tom
- SAP? initiator-specific?
- Sam
- Yes. Think about running SAP gsstest program. Some fairly serious 1.8 bugs are just beginning to surface.
krb5-1.10 planning
- Greg
- Previously mentioned: Localization. Kernel subset. Pluggable configuration.
- Sam
- libkdc. Referrals (including IETF work). PKINIT hash agility. More automation around anonymous pkinit to enable OTP and general security improvements.
- Greg
- Auto-populate ccache (from keytabs, anon-PKINIT).
- Greg
- Might end up knowing KDC supports FAST, unable to use because client was misled about anon-PKINIT support.
- Sam
- If you assume keytab keys are strong, not hard on client.
- Greg
- Did we fix FAST PKINIT?
- Sam
- Thought we fixed in 1.8. (along with anon-PKINIT)
- Greg
- A comment in the code implies it's disabled.
- Greg
- Kernel subset: maybe not full drop-in (file moves, etc.), but build system changes to identify subset files and check dependencies.
- Sam
- Make it easy to use an arbitrary crypto library for that... people want to use kernel crypto library, etc.
- Tom
- Apple 64-bit
#pragma pack
issue.
- Sam
- It's complicated.