Password sync plugin, and questions about plugin criticality
Roland Dowdeswell
elric at imrryr.org
Mon Jun 26 11:44:24 EDT 2006
On 1151300018 seconds since the Beginning of the UNIX epoch
Ken Hornstein wrote:
>
>Continuing an earlier discussion regarding password change tracking and
>a plugin interface...
>
>This seems relatively straightforward to do. The only wrinkle I see is
>that some people want to do this before the local k5 database is updated,
>and some people want to do it after. Both had (in my mind) valid points
>why they wanted it that way.
>
>Here are some suggested entry points for a password sync plugin interface.
>Comments?
It might be substantially more robust and extensible to define an
IPC mechanism to do this rather than loading code into what should
be some of the most stable and secure code in the environment.
This would provide a nice logical separation of the address spaces
that would make me at least feel substantially happier about things.
I could then, e.g. run the plugins as a non-root user in a chroot
jail if they do not actually need access to the KDC's database.
And when random 3rd party code decides to go around dereferencing
NULL pointers, I could rest assured that my krb5kdc or kadmind
wouldn't crash.
We have all seen the ... fun of library versioning problems, 32/64
bit lib issues, etc. that are caused when you decide to go with a
plugin architecture rather than an IPC architecture. Is there a
compelling reason in this case to not avoid these issues?
--
Roland Dowdeswell http://www.Imrryr.ORG/~elric/
More information about the krbdev
mailing list