How to extend kadmin
ghudson at MIT.EDU
Thu Oct 29 16:41:35 EDT 2009
On Thu, 2009-10-29 at 13:40 -0400, Sam Hartman wrote:
> Count me in the set of people who want to be able to use rpcgen. This
> is under the assumption that we can find some way of generating
> encoders for krb5_principal. Ken's solution seems fine to me. Nico's
> solution--asking the application to deal--does not.
I've done a little more thinking about this today.
1. According to our current promises, we can change the C API of
libkadm5 in any way we want (without necessarily bumping api_version or
providing compatibility, though we do of course need to bump the
soname). That means we can tamper with the principal_ent and policy_ent
structures as long as we don't change their network encodings.
2. If we add an api_version field to the principal_ent and policy_ent
structures, and custom encoding functions for those structures, then we
can make those structure encodings dependent on the api_version while
still using stock rpcgen for everything else.
So, Luke's approach to lockout support isn't necessarily incompatible
with using rpcgen--just with auto-generating xdr_kadm5_policy_ent_rec.
More information about the krbdev