Implementing preauthentication using loadable modules

Kevin Coffman
kwc at citi.umich.edu
Thu Sep 28 16:36:58 EDT 2006

Hello Nalin,

This appears to be a very nice implementation of the preauth plugin.
As Jim mentioned, we are working on a pkinit implementation. We'd
very much like to work with you (and anyone else) to join forces and
eliminate any duplication of effort on this. A bit of information on
our project can be found here:
http://www.citi.umich.edu/projects/pkinit/

K.C.

On 9/26/06, Nalin Dahyabhai <nalin at redhat.com> wrote:
> Hello everyone, I've been working on getting libkrb5 and krb5kdc able to
> use modules to implement preauthentication, and have gotten to a point
> where there's a largish patch which I think puts abstraction points in
> most of the right places.
>
> Why use a loadable module instead of directly patching in new
> functionality? My thinking is that certain means of preauthentication
> (okay, PKINIT primarily) are likely to depend on external libraries, and
> using modules
> a) removes the need to keep krb5-config's --libs output up to date with
> the right dependency information
> b) shields applications which never obtain initial credentials from
> new dependencies and bigger memory footprints
> c) if the module interface is stable enough, heavily-in-development
> modules can be built out-of-tree
>
> I've put a proposed patch which implements a module interface, and
> provides a couple of sample modules which use it, at
> http://people.redhat.com/nalin/krb5-pal/trunk.diff.20060926 and would
> like to hear what people think.
>
> Thanks,
>
> Nalin
> _______________________________________________
> krbdev mailing list krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev