Implementing preauthentication using loadable modules

[Sam Hartman]

>>>>> "Nalin" == Nalin Dahyabhai <nalin at redhat.com> writes:

    Nalin> What would new minor version numbers designate?  I can
    Nalin> imagine that if the interface were extended by adding new
    Nalin> items to the end of one structure or another, that the
    Nalin> routines which load the modules could use the minor version
    Nalin> number to determine where the structure provided by the
    Nalin> module "ends".

Exactly.

    Nalin> In the short term, would those functions need to be
    Nalin> modified to reject modules which implement a newer minor
    Nalin> version than they support, or do we force modules which
    Nalin> implement newer minor versions to still work correctly if
    Nalin> the newer members are ignored?

I think that's the major difference between a minor version change and
a major version change.  If we change in a manner where the kdc or
client requires new functionality or we add interfaces that need to be
called differently then we bump the major version.  I guess it's
possible that you could have a module that really is only useful with
new functionality.  The KDC could give its minor version as an
argument to the module init routine.