- (dtucker) [TODO WARNING.RNG] Update to reflect current reality. ok djm@

This commit is contained in:
Darren Tucker 2004-12-06 22:40:10 +11:00
parent c13866719f
commit ba2abb3699
3 changed files with 10 additions and 19 deletions

View File

@ -1,3 +1,6 @@
20041206
- (dtucker) [TODO WARNING.RNG] Update to reflect current reality. ok djm@
20041203
- (dtucker) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2004/11/07 17:42:36
@ -1870,4 +1873,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
$Id: ChangeLog,v 1.3584 2004/12/03 03:33:47 dtucker Exp $
$Id: ChangeLog,v 1.3585 2004/12/06 11:40:10 dtucker Exp $

13
TODO
View File

@ -30,13 +30,8 @@ Programming:
- More platforms for for setproctitle() emulation (testing needed)
- Improve PAM support (a pam_lastlog module will cause sshd to exit)
and maybe support alternate forms of authentications like OPIE via
pam?
- Improve PAM ChallengeResponseAuthentication
- Informational messages
- chauthtok
- Use different PAM service name for kbdint vs regular auth (suggest from
Solar Designer)
- Ability to select which ChallengeResponseAuthentications may be used
@ -59,8 +54,6 @@ Clean up configure/makefiles:
information in wtmpx or utmpx or any of that stuff if it's not detected
from the start
- Fails to compile when cross compile. (vinschen@redhat.com)
- Replace the whole u_intXX_t evilness in acconfig.h with something better???
- Do it in configure.ac
@ -72,10 +65,6 @@ Clean up configure/makefiles:
entropy related stuff into another.
Packaging:
- Solaris: Update packaging scripts and build new sysv startup scripts
Ideally the package metadata should be generated by autoconf.
(gilbert.r.loomis@saic.com)
- HP-UX: Provide DEPOT package scripts.
(gilbert.r.loomis@saic.com)
@ -94,4 +83,4 @@ PrivSep Issues:
- Cygwin
+ Privsep for Pre-auth only (no fd passing)
$Id: TODO,v 1.57 2004/02/11 09:44:13 dtucker Exp $
$Id: TODO,v 1.58 2004/12/06 11:40:11 dtucker Exp $

View File

@ -55,11 +55,10 @@ Executing each program in the list can take a large amount of time,
especially on slower machines. Additionally some program can take a
disproportionate time to execute.
Tuning the default entropy collection code is difficult at this point.
It requires doing 'times ./ssh-rand-helper' and modifying the
($etcdir)/ssh_prng_cmds until you have found the issue. In the next
release we will be looking at support '-v' for verbose output to allow
easier debugging.
Tuning the random helper can be done by running ./ssh-random-helper in
very verbose mode ("-vvv") and identifying the commands that are taking
accessive amounts of time or hanging altogher. Any problem commands can
be modified or removed from ssh_prng_cmds.
The default entropy collector will timeout programs which take too long
to execute, the actual timeout used can be adjusted with the
@ -93,4 +92,4 @@ If you are forced to use ssh-rand-helper consider still downloading
prngd/egd and configure OpenSSH using --with-prngd-port=xx or
--with-prngd-socket=xx (refer to INSTALL for more information).
$Id: WARNING.RNG,v 1.6 2003/11/21 12:48:55 djm Exp $
$Id: WARNING.RNG,v 1.7 2004/12/06 11:40:11 dtucker Exp $