MIT KDC & multiple admins for subsets of principals
Matthew J. Smith
matt.smith at uconn.edu
Mon Mar 6 09:20:55 EST 2006
Thank you very much for the thorough response, and the kind offer of
code. I am very intrigued by the kadmin plugin architecture that you
have described, and wish I had the time to devote to such a project.
Unfortunately for now, I will probably couple the password admin ACL
layer directly into our homegrown web-based admin toolset.
<snip source="greg at enjellic.com">
>
> I wrote a plug-in architecture for the MIT krb5kdc/kadmind system
> which allows them to be functionally extended with shared library
> plug-ins. The kadmind plug-in currently implements storage of raw
> passwords, à la AD, within the database. It wouldn't be a stretch to
> implement a hook within this framework to poll LDAP for a list of the
> identities which a principal with administrative rights could execute
> changes against.
>
</snip>
Is there any chance that the main MIT codebase would ever include such a
plugin architecture, to facilitate extended functionality such as my
complex ACL use case?
Thank you again,
-Matt