Difference between revisions of "Roadmap MIT KDC"

From SambaWiki
Line 6: Line 6:
   
 
* Implement KDC-canon tests for MIT KDC -> source4/torture/krb5/kdc-canon-heimdal.c
 
* Implement KDC-canon tests for MIT KDC -> source4/torture/krb5/kdc-canon-heimdal.c
  +
* PKINIT support required for using smart cards
* Support for S4U2Self
 
  +
* Service for User to Self-service (S4U2self)
* Support for S4U2Proxy
 
  +
* Service for User to Proxy (S4U2proxy)
* Add tests for PKINIT support
 
 
* Add auth logging support ([https://git.samba.org/?p=asn/samba.git;a=shortlog;h=refs/heads/master-mit-kdc-ok WIP branch])
 
* Add auth logging support ([https://git.samba.org/?p=asn/samba.git;a=shortlog;h=refs/heads/master-mit-kdc-ok WIP branch])
  +
* Computer GPO's are not applied, see [https://bugzilla.samba.org/show_bug.cgi?id=13516 Bug 13516]
 
* Define API for a libkdc in MIT Kerberos
 
* Define API for a libkdc in MIT Kerberos
  +
* Running as a Read only domain controller (RODC)
* RODC support
 

Revision as of 08:43, 6 March 2019

Samba AD with MIT KDC

This page lists tasks which need to be done to bring the MIT KDC support for Samba AP on the same functional level as we have with Heimdal. We need help to implement those features. Let us know if you want to pick up a talk, the Samba Team is not actively working on those!

TODO

  • Implement KDC-canon tests for MIT KDC -> source4/torture/krb5/kdc-canon-heimdal.c
  • PKINIT support required for using smart cards
  • Service for User to Self-service (S4U2self)
  • Service for User to Proxy (S4U2proxy)
  • Add auth logging support (WIP branch)
  • Computer GPO's are not applied, see Bug 13516
  • Define API for a libkdc in MIT Kerberos
  • Running as a Read only domain controller (RODC)