$Id: WISHLIST,v 1.4 1995/12/17 07:17:23 marekm Exp $

This is my wishlist for the shadow suite, in no particular order.  Feel
free to do anything from this list and mail me the diffs :-).  New ideas
to add to this list are welcome, too.  --marekm

- fix all the bugs, of course
- use NYS library on Linux with libc 5.x
- set more resource limits on login
- read /etc/environment and $HOME/.environment like ssh does
- figure out if the vhangup() thing (see util-linux login.c) is still needed
- integrate S/Key authentication support
- login access control (from logdaemon/FreeBSD)
- set permissions for floppy etc. for console logins like Suns do
- secure-RPC authentication? (merge l2nis+ util-linux patches)
- use NIS too when checking for unique uid/gid (Solaris does this)
- Kerberos authentication? (need assistance)
- password history, no reuse of the same passwords (from npasswd)
- "force immediate password change" option (like SunOS 4.x passwd -e)
- implement "su only" accounts
- lock account for specified time since last failure if over failure limit
- login -d device instead of slow ttyname() for faster logins
- locale support (date formats, message catalogs), any volunteers?
- make use of gnu autoconf (there are patches floating around)
- more size checking or dynamic allocation - fixed size arrays are so easy
  to overflow leading to security problems
- clean up the code a bit to make gcc -Wall happy
- rewrite getdef.c to be more general (no hardcoded names)
- see if sulogin works with Linux sysvinit
- fix save/restore Makefile targets to do the right thing on Linux
- update man pages to reflect all the changes (real programmers ... :-)
- reorganize the source tree (separate library type files etc.)
- (maybe) protected password database like SCO and OSF/1 enhanced security,
  they have some nice features but it is quite complex and not very well
  documented...
- fix LOGIN_STRING (handle quotes, whitespace etc.), change the name to
  something less confusing
- patch for rlogind/telnetd to create utmp entry and fill in ut_addr
- patches for ftpd (in the works), rexecd, pop[23]d, ssh, xdm, ... (with all
  the nice/fascist features, not just "pw->pw_passwd = sp->sp_pwdp;")
- verify _every_ strcpy/strcat/sprintf to make sure it will not overflow
  (would be real nice if all systems had snprintf...)
- clean up *io.c, separate duplicated code
- rewrite lastlog.8 man page (copyright)
