Password sync plugin, and questions about plugin criticality
Ken Hornstein
kenh at cmf.nrl.navy.mil
Mon Jun 26 09:15:08 EDT 2006
>On Mon, Jun 26, 2006 at 01:33:38AM -0400, Ken Hornstein wrote:
>> void pwupdate_init(void **context, krb5_context);
>
>No krb5_context should be needed. One argument should suffice.
>
>Presumably it's up to the plug-in to be thread-safe.

But if I want to call krb5_* functions (which is supposed to work in
the MIT plug-in architecture), how would I do that without a krb5_context?

>> int pwupdate_precommit_password(void *context, char *password, int pwlen,
>> char *error_msg, int error_msg_len);
>>
>> Update the password in the external store; called before password
>> is stored locally. In case of failure, return non-zero code and
>> set error_msg to an error string.
>
>This mixes password quality checking and password updates.

I don't see how. (One thing you may have missed; I had already worked
out a password quality checking plugin separately).

>Also, if you separate password quality checking from password
>synchronization you can collapse these two functions into one.

I don't think I can; some people absolutely want external password sync
to happen before the password gets written locally; other people
want the exact opposite.

--Ken
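
Added example, not part of the original message and not MIT krb5 code: a mock of the pre-commit semantics described in the quoted proposal, where the external store is updated first and a non-zero return with error_msg set aborts the local write. `struct demo_ctx`, `set_err` and `demo_change_password` are hypothetical, and the local database is a plain buffer.

```c
#include <stdio.h>
#include <string.h>

/* Constructed plugin state; a real plugin would hold a connection handle. */
struct demo_ctx { int external_up; char external_pw[64]; };

/* Hypothetical helper: bounded, always NUL-terminated error reporting. */
static void set_err(char *buf, int len, const char *msg)
{
    if (buf != NULL && len > 0)
        snprintf(buf, (size_t)len, "%s", msg);
}

/* Prototype as quoted in the message; the body is a mock external store. */
int pwupdate_precommit_password(void *context, char *password, int pwlen,
                                char *error_msg, int error_msg_len)
{
    struct demo_ctx *c = context;

    if (pwlen < 0 || (size_t)pwlen >= sizeof(c->external_pw)) {
        set_err(error_msg, error_msg_len, "password length rejected");
        return 1;
    }
    if (!c->external_up) {
        set_err(error_msg, error_msg_len, "external store unreachable");
        return 1;
    }
    memcpy(c->external_pw, password, (size_t)pwlen);
    c->external_pw[pwlen] = '\0';
    return 0;
}

/* Hypothetical host side: local_pw stands in for the local database entry. */
int demo_change_password(struct demo_ctx *c, char *local_pw, size_t local_sz,
                         char *newpw, char *err, int errlen)
{
    size_t len = strlen(newpw);

    if (len >= local_sz) {
        set_err(err, errlen, "password length rejected");
        return 1;
    }
    /* Pre-commit ordering: external sync first, abort before any local write. */
    if (pwupdate_precommit_password(c, newpw, (int)len, err, errlen) != 0)
        return 1;
    memcpy(local_pw, newpw, len + 1);
    return 0;
}
```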