[pubcookie-dev] Re: proposed items for pubcookie 3.3.0

Jon Miner miner at doit.wisc.edu
Tue Nov 15 19:21:47 PST 2005 

I checked in the changes for the 64-bit compilation, which fixes all of
the problems that we had seen on Opteron systems..  We've got a guy here
with an Athalon-64 (which I thought was an Opteron, but it aparently
isn't), and he's going to check it out too.  (We're working on acquiring
a 64-bit test machine of our own, too.)

The SSL certificate authentication is proving harder than I thought (the
OpenLDAP API is so badly documented), but I'm working on it.  If we need
to release before I get it done, that's OK, even though it bothers me
greatly. :)

Ditto for the LDAP_API_VERSION, which also seems to be an OpenLDAP-ism
(or is defined in a yet-to-be released RFC, but has been available as a
draft since 1999 or so).  It's on the list, but I don't know.

Brad's been thinking about some changes on the Windows side, to use
something that I think is called the "Metabase" instead of putting all
the config in the registry, as that is where all new IIS stuff keeps
it's config (but I have no idea about that Windows stuff).

I'm going to move Jim's cookie iteration code to our CVS here and see if
that fixes the issues that we found.

I think that's it.  Peace.

jon

* Nathan Dors (dors at cac.washington.edu) [051018 17:00]:
> I've made an initial pass thru the documentation, probably good 
> enough for a beta release.
> 
> We're feeling a bit of pressure here to release some of the 3.3 
> improvements (most notably the mods related to pre-session cookie 
> handling). So what's the status of some of the other in-progress 
> items below? Jon, Bradley...?
> 
> Meanwhile I'm going to look at those inheritance issues in the 
> filter.
> 
> -Nathan
> 
> On Wed, 12 Oct 2005, Nathan Dors wrote:
> 
> >Here's a quick update on what I think we should try to accomplish with the 
> >3.3.0 release. This first batch of items are in progress:
> >
> > - SSL cert authentication for ldap verifier (Jon)
> > - pbc_time_t, a better fix for 64-bit systems (Jon?)
> > - make login cgi iterate thru pubcookie_l cookies (UWisc)
> > - new eventlog source names for filter instances (UWash)
> > - use of LDAP_API_VERSION instead of LDAP_VENDOR_VERSION (Jon?)
> > - solve filter root site protection inheritance problems
> > - proper documentation for ldap_uri as list of failover uris
> > - document new features and changes
> >
> >These items have already been checked into cvs, but may need further 
> >testing, documenting, etc.:
> >
> > - AES encryption support
> > - wildcard subdomain key support to login cgi and module
> > - Klas Lindfors' patch for extending krb5 ticket lifetime
> > - removed pre-session cookie handling for POST login method
> > - login cgi support for PUBCOOKIE_LOGIN_CONFIG_FILE variable
> > - changed minimum LDAP_VENDOR_VERSION for Sun LDAP libs
> > - minor login cgi fixes: error handling, cookie clearing
> > - initial fixes for 64-bit systems (time_t to int)
> > - removed remnants of Enterprise_Domain from MMC extension
> > - other minor changes and fixes I don't have handy
> >
> >This seems like a good place to draw the line and get this stuff released. 
> >We can take up the issue of what's next separately.
> >
> >Agreed? Any other items or comments?
> >
> >-Nathan
> >
> _______________________________________________
> pubcookie-dev mailing list
> pubcookie-dev at u.washington.edu
> http://mailman1.u.washington.edu/mailman/listinfo/pubcookie-dev

-- 
.Jonathan J. Miner------------------Division of Information Technology.
|miner at doit.wisc.edu                 University Of Wisconsin - Madison|
|608/262.9655                               Room 3146 Computer Science|
`---------------------------------------------------------------------'

Weaseling out of things is important to learn.  It's what separates us
from the animals.  Except the weasel.
        -- Homer Simpson
           Boy-Scoutz n the Hood
                                                             (420/718)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2132 bytes
Desc: not available
Url : http://mailman1.u.washington.edu/pipermail/pubcookie-dev/attachments/20051115/59b6cb1e/smime-0001.bin

More information about the pubcookie-dev mailing list