Roadmap MIT KDC: Difference between revisions
From SambaWiki
(Mark PKINIT as WIP) |
(Update support) |
||
| Line 5: | Line 5: | ||
== TODO == |
== TODO == |
||
* ([https://github.com/krb5/krb5/pull/1225 WIP]) Service for User to Self-service (S4U2self) |
|||
* ([https://github.com/krb5/krb5/pull/1225 WIP]) Service for User to Proxy (S4U2proxy) |
|||
* ([https://github.com/krb5/krb5/pull/1225 WIP]) Resource based constrained delegation |
|||
* ([https://github.com/krb5/krb5/pull/1236 WIP]) PKINIT support required for using smart cards (tests are needed) |
|||
* Add auth logging support ([https://git.samba.org/?p=asn/samba.git;a=shortlog;h=refs/heads/master-mit-kdc-auditlog WIP branch]) |
* Add auth logging support ([https://git.samba.org/?p=asn/samba.git;a=shortlog;h=refs/heads/master-mit-kdc-auditlog WIP branch]) |
||
* Allow starting the MIT KDC with multiple worker processes (<code>-w numworkers</code>) |
* Allow starting the MIT KDC with multiple worker processes (<code>-w numworkers</code>) |
||
* Computer GPO's are not applied, see [https://bugzilla.samba.org/show_bug.cgi?id=13516 Bug 13516] |
|||
* Define API for a libkdc in MIT Kerberos |
* Define API for a libkdc in MIT Kerberos |
||
* Running as a Read only domain controller (RODC) |
* Running as a Read only domain controller (RODC) |
||
* Support for Claims |
|||
Latest revision as of 12:17, 18 July 2023
Samba AD with MIT KDC
This page lists tasks which need to be done to bring the MIT KDC support for Samba AP on the same functional level as we have with Heimdal. We need help to implement those features. Let us know if you want to pick up a task, the Samba Team is not actively working on those!
TODO
- Add auth logging support (WIP branch)
- Allow starting the MIT KDC with multiple worker processes (
-w numworkers) - Define API for a libkdc in MIT Kerberos
- Running as a Read only domain controller (RODC)
- Support for Claims