Draft kadmind plugin API (2007-04-27)

Sam Hartman hartmans at MIT.EDU
Sun Apr 29 07:36:01 EDT 2007

This looks reasonably good.

In response to your footnotes:

My preference is that you work with Ken to find a solution to [1].  I
care more about the usability of the API and the ease withwhich we can
add new plugin interfaces than I do about sharp abstractions between
k5support and libkrb5.  I care a lot about removing duplication of
code.  ,Reecoding loops to deal with plugins in libkadm5srv, libkrb5,
the kdc, etc, is undesirable and I believe this is already going on.
Minimizing the complexity of those loops by moving code into
anabstraction is good.  I don't think there are parts of our code that
could not somehow get a krb5_context if they needed one.  Having
libk5support link against libkrb5 is potentially problematic.

[2] Passwords in k5crypto are treated as krb5_data; the string2key
function certainly can deal with nulls.  So, at the kerberos level at
least passwords are not C strings.  If you do treat passwords as
length+data please use krb5_data.  Also, if you do this in your
implementation please do null terminate.

[3] no thoughts

[4] No real thoughts.

More information about the krbdev mailing list