preauth plugin configuration issues
Kevin Coffman
kwc at citi.umich.edu
Tue Mar 6 14:55:18 EST 2007
On 3/6/07, Sam Hartman <hartmans at mit.edu> wrote:
> >>>>> "Sam" == Sam Hartman <hartmans at MIT.EDU> writes:
>
> Sam> Unfortunately, we may have a problem here. I'm not sure we
> Sam> can change existing preauth plugin interfaces in the 1.6 time
> Sam> frame. I understand that we did not commit to a public API,
> Sam> so we definitely could change them for 1.7. However I think
> Sam> we do have vendors who are depending on at least the existing
> Sam> interfaces being somewhat stable for 1.6.
>
> Would forcing the context that preauth plugins get have the current
> realm as the default realm allow us to get around this issue?
I don't think it gets around the issue of being able to support more
than one realm in the KDC. It would take a lot of restructuring of
the pkinit code to be able to handle requests for multiple realms if
it doesn't know about them at the time the plugin init function is
called.
More information about the krbdev
mailing list