1.7 planning: Collecting Projects to Estimate

Luke Howard lukeh at padl.com
Wed Jan 31 18:06:37 EST 2007

>- login policy plugin support
>    Provide support for the KDC to use a login policy plugin to
>    determine if TGT should be issued and also log TGT issue success and
>    failures.  The idea is this could allow vendor specific login policy
>    control over TGT issuance with the vendor specific code in an plugin
>    external to the KDC code.  The KDC code modification would be a
>    plugin hook that the KDC would call before responding to a TGT
>    request and another hook to record either a successful TGT issuance
>    or failure (say if preauth verification fails).

I did implement this but using DAL. It's probably cleaner to abstract this
from the database backend.

>- KDC principal alias support
>    The KDC should support multiple principal aliases for a particular
>    set principal keys. One use would be for a service on a system with
>    multiple hostnames.  One set of keys could be generated for that
>    system and the other service princ names could be aliases.

We have some patches for this. I'll discuss whether we can make these

-- Luke

www.padl.com | www.lukehoward.com

More information about the krbdev mailing list