Plugin project proposal
Jeffrey Hutzelman
jhutz at cmu.edu
Sun Aug 1 21:19:00 EDT 2010
--On Thursday, July 15, 2010 04:32:20 PM -0500 Nicolas Williams
<Nicolas.Williams at oracle.com> wrote:
> On Thu, Jul 15, 2010 at 02:23:49PM -0700, Russ Allbery wrote:
>> Zhanna Tsitkova <tsitkova at mit.edu> writes:
>> > The assumption here was that krb5 contexts are usually created at the
>> > start-up, are long-living and there are very few contexts created.
>>
>> In an ideal situation, this would probably be the case, but there are a
>> lot of real-world situations that do password authentication with some
>> volume. A typical use pattern for such an application is to generate a
>> new krb5_context for every authentication attempt (usually because that's
>> encapsulated in a PAM module or similar plugin). I suspect you will find
>> many situations where it's common to have several krb5_contexts created
>> and freed per second.
>
> Exactly. Now suppose you've a plugin whose initializer likes to do
> things like, say, DNS lookups (for SRV RRs, perhaps, to discover
> services).
>
> Now krb5_init_context() could take a very long time to complete indeed.
Yes; that would suck, a lot.
-- Jeff
More information about the krbdev
mailing list