Password sync plugin, and questions about plugin criticality

Luke Howard lukeh at padl.com
Mon Jun 26 06:23:20 EDT 2006


>Example of what I propose: PAM, where plug-ins simply export function
>symbols named pam_sm_{authenticate, acct_mgmt, setcred, open_session,
>close_session}.

We might want to consider what we can learn from PAM and SLAPI regarding
plugin stacking. PAM leaves this to the administrator; in SLAPI all that
is configurable is the order of plugins (see previous mail).

Personally, I'm all for deployment flexibility, but OTOH configuring PAM
has created a lot of grief over the years, particularly the interaction
with plugins that are invoked twice for a particular operation.

So, without digressing too much from solving the password plugin problem,
we should think about this carefully. :-)

-- Luke

More information about the krbdev mailing list