Password sync plugin, and questions about plugin criticality
Nicolas Williams
Nicolas.Williams at sun.com
Mon Jun 26 07:44:53 EDT 2006
On Mon, Jun 26, 2006 at 09:41:58PM +1000, Luke Howard wrote:
> >A pre-auth plug-in framework should be a pretty dumb thing. As should
>
> It depends what the pre-auth data actually does, for example
> the S4U2Self PA type changes the handling of a TGS-REQ quite
> significantly.
The MIT krb5 library- and KDC-side handling of pre-auth need some
refactoring, yes. But once that's done the plug-in framework itself
should be straightforward as there's none of the complications that
there are in GSS mechglue or in PAM.
Nico
--
More information about the krbdev
mailing list