Open issues

As a krb5 operator I want a tool to display the enabled and available crypto algorithms so I can confirm compliance with regulations
KRB-62
As a krb5 distributor or operator I want to disable some crypto algorithms at build time so I can comply with regulations
KRB-58
As a krb5 operator, I want iprop push notifications so I can reduce network traffic and server load
KRB-55
As a user of KfW I want ms2mit to avoid copying tickets when the default ccache is MSLSA: so I am less confused
KRB-51
As a krb5 user at MIT with a SAM2/Duo required account, I want to have distinct error messages for "wrong password" and "Duo error" so I know what actions I should take
KRB-47
As a krb5 user, I want to be able to refer to dates after January 2038.
KRB-46
As a krb5 dev, I want to get Travis CI builds working on OS X so I can increase our CI platform coverage
KRB-45
As a krb5 developer, I want to investigate the Travis-Coverity integration so I can decide whether it's appropriate for us
KRB-44
As a krb5 operator, I want the admin tools to keep me from directly changing the K/M key, so my KDC doesn't get into an inconsistent state
KRB-41
As a KRB team member I want to evaluate Drupal Cloud so I can decide whether it is a suitable means of hosting consolidated Kerberos web content
KRB-37
As an MIT Kerberos stakeholder, I want the content currently at http://web.mit.edu/kerberos/ to be available via HTTPS so I have some assurance about its integrity
KRB-32
As an IS&T staff member, I want a KB article so I can understand where to get MIT-specific answers about Kerberos and related systems
KRB-31
Prepare MIT Duo Kerberos integration source for open-source
KRB-30
As a krb5 operator, I want the KDC to interoperate with Windows PKINIT clients with DH moduli >=2048 bits, so my session keys will be stronger against nation-state attacks
KRB-29
As KRB team member, I want to track interrupts so I can make work visible
KRB-28
As a krb5 user, I want the web documentation for krb5 to indicate whether it reflects a prerelease version, so I can know whether a given docset refers to prerelease software
KRB-25
As a user of KfW, I want KfW to build with PKINIT so I can use PKINIT to get tickets
KRB-24
As a Kerberos stakeholder, I want improved branding so I can be less confused about what names refer to what things
KRB-23
As a krb5 release engineer, I want release notes to be small RST files that get included in various places so I don't have to manually edit so much stuff
KRB-22
As a krb5 release engineer, I want to generate krb5 release web pages from Sphinx so I don't have to manually edit so much stuff
KRB-21
As a krb5 developer, I want to migrate krbdev.mit.edu to a modern OS so I can minimize risks
KRB-20
As a krb5 developer I want to upgrade or replace my Mac Pro to have considerably more than 8GB RAM so I can run multiple Windows VMs without constant swapping
KRB-17
As an external Kerberos stakeholder, I want a publicly viewable Agile board for the KRB project so I have visibility into the work
KRB-16
As a krb5 developer, I want to eliminate our dependency on dejagnu so I can make the test suite more robust and easier for builders to run
KRB-15
As a krb5 developer, I want utility macros for gcc attributes so I don't have to write several lines of stuff every time I annotate a function declaration as being printf-like
KRB-14
As a WIN domain administrator, I want KfW to be usable when UAC is turned on so that domain users can do things that require UAC
KRB-13
As a security-conscious user, I want to have mutual authentication which cannot be compromised by DNS spoofing
KRB-12
As a security-conscious Kerberos user, I want session keys to have forward secrecy
KRB-11
As a security-conscious Kerberos user, I want to get initial tickets using a password (and possibly a second factor) without exposing the password to dictionary attack.
KRB-10
As a developer of GSS-API applications, I want Unix manpages for the GSS-API so I can quickly look up how to use the GSS-API
KRB-8
As a krb5 operator I want to dump multiple record types into a single file using one invocation of kdb5_util tabdump so I can transfer the information as a single file
KRB-3
As a krb5 operator, I want a reporting-friendly KDB dump format so I can more easily produce reports and analyze the KDB contents
KRB-2
As a user of krb5 command line tools I want to have a consistent getopt()-based command syntax for all commands so I don't have to learn numerous idiosyncratic command syntaxes
KRB-1
As a krb5 administrator, I want to be able to specify which addresses kpropd listen on
KRB-52
As a WIN domain user of KfW, I want kinit to always default to my ATHENA principal name so I don't have to type it explicitly
KRB-5
issue 1 of 35

As a krb5 operator I want a tool to display the enabled and available crypto algorithms so I can confirm compliance with regulations

Description

This should be a run-time tool that might resemble "openssl ciphers". It could be used to demonstrate to regulators, auditor, etc. that weak algorithms are disabled or not compiled in. We probably want to display separate lists for compiled-in vs enabled (and different sorts of being enabled).

Status

Assignee

Unassigned

Reporter

Tom Yu

Labels

None

Priority

Normal