1.7 planning: Collecting Projects to Estimate
Luke Howard
lukeh at padl.com
Wed Jan 31 18:06:37 EST 2007
>- login policy plugin support
>
> Provide support for the KDC to use a login policy plugin to
> determine if TGT should be issued and also log TGT issue success and
> failures. The idea is this could allow vendor specific login policy
> control over TGT issuance with the vendor specific code in an plugin
> external to the KDC code. The KDC code modification would be a
> plugin hook that the KDC would call before responding to a TGT
> request and another hook to record either a successful TGT issuance
> or failure (say if preauth verification fails).
I did implement this but using DAL. It's probably cleaner to abstract this
from the database backend.
>- KDC principal alias support
>
> The KDC should support multiple principal aliases for a particular
> set principal keys. One use would be for a service on a system with
> multiple hostnames. One set of keys could be generated for that
> system and the other service princ names could be aliases.
We have some patches for this. I'll discuss whether we can make these
available.
-- Luke
--
www.padl.com | www.lukehoward.com
More information about the krbdev
mailing list