Ken Raeburn raeburn at MIT.EDU
Tue Aug 7 22:29:06 EDT 2007

On Aug 6, 2007, at 22:54, Jeffrey Altman wrote:
> Has anyone given any thought to how they would like to see plug-ins be
> configured on Windows?
> The Windows way would be to use a registry key that is accessible only
> to the "Administrator" as a place to list plug-ins to be loaded.
> 	HKLM\Software\MIT\Kerberos5\Plugins

Sounds okay, though I think a user should be able to override that  
for non-privileged programs they're running.

> What about digital signatures?  I would like to see an option that would
> require that plug-ins be digitally signed if the Kerberos libraries are
> digitally signed.

I'd like to hear more about your idea.  Would this be Windows-specific?
Why is the requirement on plugins tied to the signing of the library?
How would you test whether the library is signed?  How would you
validate the plugin's signature without a race condition?  What's the
threat model, where digital signatures on plugins help but (I presume)
the config file can be trusted?

This sounds like a much bigger project than just getting KfW to load  
plugins; might be best to treat it separately, unless you've got a  
good reason why they should be linked.


