Implementing preauthentication using loadable modules

Sam Hartman hartmans at MIT.EDU
Sat Sep 30 18:50:28 EDT 2006

I've thought of one other significant potential issue.

the current plugin uses the same entry point for the KDC and client
code.  I'm not sure this is a good ide.  Architecturally, plugins need
to have no unresolved symbols on some platforms.  So, if you are going
to link against the kdb or kadm5 libraries (especially if you are an
in-tree plugin with k5-int.h access), then you will pull in a bunch of
code not needed on a client.  Also, for many operating systems this
code may not even always be installed on a client.

I wonder if we want different plugin entry points and locations for
KDC and client?


More information about the krbdev mailing list