Plugin project proposal

Jeffrey Hutzelman jhutz at
Sun Aug 1 21:19:00 EDT 2010

--On Thursday, July 15, 2010 04:32:20 PM -0500 Nicolas Williams 
<Nicolas.Williams at> wrote:

> On Thu, Jul 15, 2010 at 02:23:49PM -0700, Russ Allbery wrote:
>> Zhanna Tsitkova <tsitkova at> writes:
>> > The assumption here was that krb5 contexts are usually created at the
>> > start-up, are long-living and there are very few contexts created.
>> In an ideal situation, this would probably be the case, but there are a
>> lot of real-world situations that do password authentication with some
>> volume.  A typical use pattern for such an application is to generate a
>> new krb5_context for every authentication attempt (usually because that's
>> encapsulated in a PAM module or similar plugin).  I suspect you will find
>> many situations where it's common to have several krb5_contexts created
>> and freed per second.
> Exactly.  Now suppose you've a plugin whose initializer likes to do
> things like, say, DNS lookups (for SRV RRs, perhaps, to discover
> services).
> Now krb5_init_context() could take a very long time to complete indeed.

Yes; that would suck, a lot.

-- Jeff

More information about the krbdev mailing list