removing pa_type from krb5_get_init_creds_opt_set_pa
Jeffrey Hutzelman
jhutz at cmu.edu
Thu Dec 7 16:01:44 EST 2006
On Thursday, December 07, 2006 01:41:52 PM -0600 "Douglas E. Engert"
<deengert at anl.gov> wrote:
>
>
> Sam Hartman wrote:
>
>>
>> Actually, how would people feel if we adopt Doug's proposal and remove
>> the pa_type from this function and establish a central registry for
>> the attribute names?
>>
>
> You could say the attribute names should start with the name of the
> plugin. The plugin names have to be unique?
Not good enough. The attribute names have to be universally unique, not
just unique within any given combination of library and plugins. That
implies some sort of registry, though not necessarily of individual
attribute names.
If attribute names include the name of the plugin, then you can simply
register plugin names, with each registration getting you a whole family of
attribute names for "free". That would likely be a simpler registry to
operate.
If attribute names include a domain name controlled by the person who chose
the attribute name, then you can simply register domain names, with each
registration getting you a whole family of attribute names for "free".
That registry is _not_ simpler to operate, but has the advantage that
someone else is already doing it.
-- Jeff
More information about the krbdev
mailing list