Implementing preauthentication using loadable modules

Ken Raeburn raeburn at MIT.EDU
Mon Oct 2 19:40:47 EDT 2006

On Oct 2, 2006, at 10:06, Kevin Coffman wrote:

> On 10/2/06, Nalin Dahyabhai <nalin at> wrote:
>> On Fri, Sep 29, 2006 at 03:30:50PM -0400, Kevin Coffman wrote:
>>> Something else I'd like to see added is a module initialization and
>>> cleanup (init/fini) function as is defined for the other module
>>> interfaces.  We found this convenient to do required openssl
>>> initialization.
>> Makes sense.  The KDC loads its modules once, so no problem  
>> there.  At
>> the moment, libkrb5 loads and unloads modules for each call to
>> krb5_get_init_creds() -- would that cause problems for libraries like
>> OpenSSL?

We've already got hooks for load-time initialization (and unload-time  

The functions added to the other plugins are intended for per-context  
initialization.  And the KDC does create multiple contexts.

> I think we need to initialize our use each time we are loaded, so it
> shouldn't be a problem.

If it only needs to be called once for the process, is the existing  
load-time hook not adequate?


More information about the krbdev mailing list