preauth plugin configuration issues

Kevin Coffman kwc at
Tue Mar 6 14:55:18 EST 2007

On 3/6/07, Sam Hartman <hartmans at> wrote:
> >>>>> "Sam" == Sam Hartman <hartmans at MIT.EDU> writes:
>     Sam> Unfortunately, we may have a problem here.  I'm not sure we
>     Sam> can change existing preauth plugin interfaces in the 1.6 time
>     Sam> frame.  I understand that we did not commit to a public API,
>     Sam> so we definitely could change them for 1.7.  However I think
>     Sam> we do have vendors who are depending on at least the existing
>     Sam> interfaces being somewhat stable for 1.6.
> Would forcing the context that preauth plugins get have the current
> realm as the default realm allow us to get around this issue?

I don't think it gets around the issue of being able to support more
than one realm in the KDC.  It would take a lot of restructuring of
the pkinit code to be able to handle requests for multiple realms if
it doesn't know about them at the time the plugin init function is

More information about the krbdev mailing list