Difference between revisions of "Roadmap MIT KDC"

From SambaWiki
(Update)
Line 5: Line 5:
 
== TODO ==
 
== TODO ==
   
 
* ([https://github.com/krb5/krb5/pull/1225 WIP]) Service for User to Self-service (S4U2self)
* Implement KDC-canon tests for MIT KDC -> source4/torture/krb5/kdc-canon-heimdal.c
 
 
* ([https://github.com/krb5/krb5/pull/1225 WIP]) Service for User to Proxy (S4U2proxy)
* PKINIT support required for using smart cards
 
  +
* ([https://github.com/krb5/krb5/pull/1225 WIP]) Resource based constrained delegation
* Service for User to Self-service (S4U2self)
 
* Service for User to Proxy (S4U2proxy)
 
 
* Allow starting the MIT KDC with multiple worker processes (<code>-w numworkers</code>)
 
* Allow starting the MIT KDC with multiple worker processes (<code>-w numworkers</code>)
 
* PKINIT support required for using smart cards (tests are needed)
 
* Add auth logging support ([https://git.samba.org/?p=asn/samba.git;a=shortlog;h=refs/heads/master-mit-kdc-ok WIP branch])
 
* Add auth logging support ([https://git.samba.org/?p=asn/samba.git;a=shortlog;h=refs/heads/master-mit-kdc-ok WIP branch])
 
* Computer GPO's are not applied, see [https://bugzilla.samba.org/show_bug.cgi?id=13516 Bug 13516]
 
* Computer GPO's are not applied, see [https://bugzilla.samba.org/show_bug.cgi?id=13516 Bug 13516]
 
* Add support for [http://k5wiki.kerberos.org/wiki/Projects/IAKERB IAKERB]
 
* Define API for a libkdc in MIT Kerberos
 
* Define API for a libkdc in MIT Kerberos
 
* Running as a Read only domain controller (RODC)
 
* Running as a Read only domain controller (RODC)
* Add support for [http://k5wiki.kerberos.org/wiki/Projects/IAKERB IAKERB]
 

Revision as of 17:24, 13 December 2021

Samba AD with MIT KDC

This page lists the tasks that need to be done to bring MIT KDC support for Samba AD to the same functional level as we have with Heimdal. We need help to implement these features. Let us know if you want to pick up a task; the Samba Team is not actively working on them!

TODO

  • (WIP) Service for User to Self-service (S4U2self)
  • (WIP) Service for User to Proxy (S4U2proxy)
  • (WIP) Resource based constrained delegation
  • Allow starting the MIT KDC with multiple worker processes (-w numworkers)
  • PKINIT support required for using smart cards (tests are needed)
  • Add auth logging support (WIP branch)
  • Computer GPOs are not applied, see Bug 13516
  • Add support for IAKERB
  • Define API for a libkdc in MIT Kerberos
  • Running as a read-only domain controller (RODC)