Password sync plugin, and questions about plugin criticality

Ken Hornstein kenh at pobox.com
Mon Jun 26 01:33:38 EDT 2006


Continuing an earlier discussion regarding password change tracking and
a plugin interface...

This seems relatively straightforward to do.  The only wrinkle I see is
that some people want to do this before the local k5 database is updated,
and some people want to do it after.  Both had (in my mind) valid points
why they wanted it that way.

Here are some suggested entry points for a password sync plugin interface.
Comments?

void pwupdate_init(void **context, krb5_context);

	Initialize the pwupdate plugin.

int pwupdate_precommit_password(void *context, char *password, int pwlen,
				char *error_msg, int error_msg_len);

	Update the password in the external store; called before password
	is stored locally.  In case of failure, return non-zero code and
	set error_msg to an error string.

int pwupdate_postcommit_password(void *context, char *password, int pwlen,
				 char *error_msg, int error_msg_len);

	Same as the precommit function, but called after password is stored
	locally.

void pwupdate_close(void *context);

	Free the context.

On another topic ... at least for the password quality plugin, I and others
would like to designate some plugins as critical ... if they don't exist
or fail to initialize (perhaps) we want the KDC to not start, so we know
about it in a hurry.  From my looking at the plugin architecture, it doesn't
have that capability right now.  Is that correct?  If so, any suggestions
on the right way to add this capability?  I assume this sort of config
info would go in krb5.conf, but of course there are plenty of other
details to consider.

--Ken
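Added example (not from Ken's post or from MIT Kerberos): a toy implementation of the proposed entry points plus an assumed KDC-side driver, showing how the precommit versus postcommit choice behaves when the external store rejects a change. It assumes a stubbed krb5_context, an in-memory external store with a constructed 16-byte limit, and a hypothetical kdc_change_password() standing in for the KDC's own change path.

```c
#include <stdio.h>
#include <string.h>

typedef void *krb5_context;          /* stub for the MIT type (assumption) */
#define EXT_MAX 16                   /* constructed limit of the external store */
struct pwupdate_ctx { char external_pw[EXT_MAX + 1]; };   /* simulated store */
char local_db[64];                                         /* simulated k5 DB */

void pwupdate_init(void **context, krb5_context kctx)
{
    static struct pwupdate_ctx ctx;   /* one instance suffices here */
    (void)kctx;
    memset(&ctx, 0, sizeof ctx);
    *context = &ctx;
}
/* Both hooks push to the external store; only the call order differs.
 * Failure: non-zero return plus a message in error_msg, as proposed. */
static int push_external(void *context, char *password, int pwlen,
                         char *error_msg, int error_msg_len)
{
    struct pwupdate_ctx *c = context;
    if (pwlen > EXT_MAX) {
        snprintf(error_msg, error_msg_len, "store limit is %d bytes", EXT_MAX);
        return 1;
    }
    memcpy(c->external_pw, password, pwlen);
    c->external_pw[pwlen] = '\0';
    return 0;
}

int pwupdate_precommit_password(void *context, char *password, int pwlen,
                                char *error_msg, int error_msg_len)
{ return push_external(context, password, pwlen, error_msg, error_msg_len); }
int pwupdate_postcommit_password(void *context, char *password, int pwlen,
                                 char *error_msg, int error_msg_len)
{ return push_external(context, password, pwlen, error_msg, error_msg_len); }
void pwupdate_close(void *context) { (void)context; }

/* Assumed KDC-side driver: 0 = ok; 1 = refused before the local write, so
 * local_db is untouched; 2 = push failed after it, so the stores now differ. */
int kdc_change_password(void *ctx, int use_precommit, char *pw, char *err, int errlen)
{
    int n = (int)strlen(pw);
    if (use_precommit && pwupdate_precommit_password(ctx, pw, n, err, errlen))
        return 1;
    snprintf(local_db, sizeof local_db, "%s", pw);
    if (!use_precommit && pwupdate_postcommit_password(ctx, pw, n, err, errlen))
        return 2;
    return 0;
}
```

Running the same oversized password through both orders shows the trade-off in the post: the precommit hook can veto the change before the k5 database is touched, while a postcommit failure leaves the local and external stores out of sync and only reports it.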
