Implementing preauthentication using loadable modules

Ken Raeburn raeburn at MIT.EDU
Sat Sep 30 19:37:32 EDT 2006

On Sep 30, 2006, at 18:50, Sam Hartman wrote:
> the current plugin uses the same entry point for the KDC and client
> code.  I'm not sure this is a good ide.  Architecturally, plugins need
> to have no unresolved symbols on some platforms.  So, if you are going
> to link against the kdb or kadm5 libraries (especially if you are an
> in-tree plugin with k5-int.h access), then you will pull in a bunch of
> code not needed on a client.  Also, for many operating systems this
> code may not even always be installed on a client.
> I wonder if we want different plugin entry points and locations for
> KDC and client?

I'm pretty certain that we do.  It would be reasonable, I think, to  
allow one plugin module to provide both, but poor form to require it.


More information about the krbdev mailing list