What's missing in fast-otp?
Linus Nordberg
linus at nordu.net
Mon Jul 18 08:11:53 EDT 2011
Hi,

I'm working on getting branch fast-otp of
https://github.com/ln5/krb5-anonsvn (implementing
draft-ietf-krb-wg-otp-preauth) good enough for inclusion in MIT's repo.

What issues are there?

- Using two new krbExtraInfo types

    #define KRB5_TL_OTP_ID 0x0800 /* OTP token id */
    #define KRB5_TL_OTP_BLOB 0x1000 /* OTP binary blob */

  Greg on IRC: "It's on our list to create a more scalable extension for
  principal entries. (Possibly just a tl-data type containing a
  string/string mapping.)"

- Dependencies -- we depend on libykclient and libcurl

  Is this acceptable? With a configure option `--enable-plugin-otp'?

- Code quality -- a review would be valuable

- Verification of KDC nonce -- trying to find out if the PA-FX-COOKIE
  can help here.

- Standard compliance and completeness -- we're far from implementing
  all of draft-ietf-krb-wg-otp-preauth

- Test suite -- what's the preferred way of adding tests for this?

Thanks,
Linus