Re: Shishi 0.0.26

[Elrond]

On Mon, May 15, 2006 at 09:59:09PM +0200, Simon Josefsson wrote:
[...]
> > That opens a "stable" door to my next exploration: Sending
> > an AP (inside hackish spnego) to w2k3. ;)
> 
> Great.
> 
> Uhm, btw, do you have any pending outstanding bugs right now?  I may
> have missed some older e-mail.

Except for the all-famous subkey, I don't remember any bug.

There's only one "feature request" in the air left:

A shisa-util library, which has some useful stuff on top of
shisa _and_ shishi.

But that's far future.


[...]
> > I'm still curious, if w2k3 will accept the TGS, if the
> > checksum is keyed using the subkey. (shishi still wont be
> > able to decrypt the answer, but that's another story.)
> 
> Yup, there is some debugging to do there, if anyone is interested...

Next week or so...


> >> ** The Shishi PAM module in extra/pam-shishi/ is now built by default.
> >> The installation path has also been changed to $prefix/lib/security,
> >> but you can change it with `configure --with-pam-dir=/somewhere/else'
> >> or `make install PAMDIR=/somewhere/else'.
> >
> > If I have waaayy to much time, I'll add it to my system and
> > try it for xlock auth or something useless ;)
> 
> The hard part is getting a host keytab in Shishi format out of a
> MIT/Heimdal setup.

Having the set-passwd thing in shishi would solve this
problem too:

- Set new (random) pw on kdc
- Write new pw to hosts keys.


    Elrond