Implementing preauthentication using loadable modules
raeburn at MIT.EDU
Sat Sep 30 19:37:32 EDT 2006
On Sep 30, 2006, at 18:50, Sam Hartman wrote:
> the current plugin uses the same entry point for the KDC and client
> code. I'm not sure this is a good ide. Architecturally, plugins need
> to have no unresolved symbols on some platforms. So, if you are going
> to link against the kdb or kadm5 libraries (especially if you are an
> in-tree plugin with k5-int.h access), then you will pull in a bunch of
> code not needed on a client. Also, for many operating systems this
> code may not even always be installed on a client.
> I wonder if we want different plugin entry points and locations for
> KDC and client?
I'm pretty certain that we do. It would be reasonable, I think, to
allow one plugin module to provide both, but poor form to require it.
More information about the krbdev