krb1.5 plugin interface query

[Ken Raeburn]

On Sep 8, 2006, at 11:58, Vipin Rathor wrote:
>     As MIT_krb1.5 supports two plugin interfaces, one internal  
> interface for
> new database layer and other public interface for KDC.
> here, can anyone tell me,
> 1.How i can use these interfaces to get most out of them?
> 2.is there any reference doc. available for using these interfaces?

No reference docs currently.

kdc location: Are you doing anything interesting where krb5.conf  
entries or DNS SRV records won't cut it for locating your KDCs?

db: This may be a moving target, at least for a little while.  The  
1.6 release is going to have an LDAP-based back end.  If you feel  
like writing one for, say, MySQL, or Postgres, that might be of  
interest to people.  Depends on performance a lot -- latency per  
request, as well as throughput.


Actually, Sam and I had an idea for a use for the KDC location plugin  
interface: You could use it for experimenting with new code to do the  
config-file or DNS lookups in different ways.  Either for your own  
private use, without affecting other users, or as a way of testing  
code you might like to integrate into your source tree and/or submit  
to us, but without having to rebuild the whole tree for every change.

For example: Our code for using DNS SRV records doesn't look at the  
"additional data" fields of the response, which may contain the  
network addresses of the hosts listed, so you don't have to make  
additional queries.  (A question I haven't investigated: Does the  
presence of an A record there and no AAAA records mean there is no  
AAAA record, or would you still need to make that query?  My guess  
would be the latter.)

And depending on your environment, if the address queries are needed,  
it may be more efficient to find a way to fire off multiple requests  
to the DNS server and then collect the results as they come in (but  
you may not want to lose the /etc/hosts check).

Ken