[pubcookie-dev] Re: proposed items for pubcookie 3.3.0
miner at doit.wisc.edu
Tue Nov 15 19:21:47 PST 2005
I checked in the changes for the 64-bit compilation, which fixes all of
the problems that we had seen on Opteron systems.. We've got a guy here
with an Athalon-64 (which I thought was an Opteron, but it aparently
isn't), and he's going to check it out too. (We're working on acquiring
a 64-bit test machine of our own, too.)
The SSL certificate authentication is proving harder than I thought (the
OpenLDAP API is so badly documented), but I'm working on it. If we need
to release before I get it done, that's OK, even though it bothers me
Ditto for the LDAP_API_VERSION, which also seems to be an OpenLDAP-ism
(or is defined in a yet-to-be released RFC, but has been available as a
draft since 1999 or so). It's on the list, but I don't know.
Brad's been thinking about some changes on the Windows side, to use
something that I think is called the "Metabase" instead of putting all
the config in the registry, as that is where all new IIS stuff keeps
it's config (but I have no idea about that Windows stuff).
I'm going to move Jim's cookie iteration code to our CVS here and see if
that fixes the issues that we found.
I think that's it. Peace.
* Nathan Dors (dors at cac.washington.edu) [051018 17:00]:
> I've made an initial pass thru the documentation, probably good
> enough for a beta release.
> We're feeling a bit of pressure here to release some of the 3.3
> improvements (most notably the mods related to pre-session cookie
> handling). So what's the status of some of the other in-progress
> items below? Jon, Bradley...?
> Meanwhile I'm going to look at those inheritance issues in the
> On Wed, 12 Oct 2005, Nathan Dors wrote:
> >Here's a quick update on what I think we should try to accomplish with the
> >3.3.0 release. This first batch of items are in progress:
> > - SSL cert authentication for ldap verifier (Jon)
> > - pbc_time_t, a better fix for 64-bit systems (Jon?)
> > - make login cgi iterate thru pubcookie_l cookies (UWisc)
> > - new eventlog source names for filter instances (UWash)
> > - use of LDAP_API_VERSION instead of LDAP_VENDOR_VERSION (Jon?)
> > - solve filter root site protection inheritance problems
> > - proper documentation for ldap_uri as list of failover uris
> > - document new features and changes
> >These items have already been checked into cvs, but may need further
> >testing, documenting, etc.:
> > - AES encryption support
> > - wildcard subdomain key support to login cgi and module
> > - Klas Lindfors' patch for extending krb5 ticket lifetime
> > - removed pre-session cookie handling for POST login method
> > - login cgi support for PUBCOOKIE_LOGIN_CONFIG_FILE variable
> > - changed minimum LDAP_VENDOR_VERSION for Sun LDAP libs
> > - minor login cgi fixes: error handling, cookie clearing
> > - initial fixes for 64-bit systems (time_t to int)
> > - removed remnants of Enterprise_Domain from MMC extension
> > - other minor changes and fixes I don't have handy
> >This seems like a good place to draw the line and get this stuff released.
> >We can take up the issue of what's next separately.
> >Agreed? Any other items or comments?
> pubcookie-dev mailing list
> pubcookie-dev at u.washington.edu
.Jonathan J. Miner------------------Division of Information Technology.
|miner at doit.wisc.edu University Of Wisconsin - Madison|
|608/262.9655 Room 3146 Computer Science|
Weaseling out of things is important to learn. It's what separates us
from the animals. Except the weasel.
-- Homer Simpson
Boy-Scoutz n the Hood
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 2132 bytes
Desc: not available
Url : http://mailman1.u.washington.edu/pipermail/pubcookie-dev/attachments/20051115/59b6cb1e/smime-0001.bin
More information about the pubcookie-dev