Password quality pluggable interface scope

Greg Hudson ghudson at MIT.EDU
Fri Aug 27 14:20:30 EDT 2010

On Fri, 2010-08-27 at 13:58 -0400, Russ Allbery wrote:
> Greg Hudson <ghudson at MIT.EDU> writes:
> > Plugin modules can read profile associations; consider PKINIT
> > configuration variables, for example, or LDAP back-end configuration.
> What interface does this use now?  This was one of the biggest problems
> that I ran into when I wrote the plugins originally, since there wasn't
> any interface available other than krb5_appdefault* (which is a horrible
> interface).

krb5_get_profile() followed by some variant of profile_get_values().
This isn't new stuff, so perhaps there's some reason I don't know about
why it's not adequate?  (In-tree plugins tend to access context->profile

I hadn't run across krb5_appdefault* before; I don't think it would be
appropriate for plugins, but I am curious what's horrible about it.

More information about the krbdev mailing list