Plugin Manager for Kerberos

Zhanna Tsitkova tsitkova at MIT.EDU
Tue Feb 9 16:23:38 EST 2010

Is it time to introduce a new module - Plugin Manager - into our code?

Proposing  such new pluggable features as alternative PRNG, Audit system, Password Quality validator and getting feedback from the community,  it is my understanding that there is an increasing  interest in making Kerberos more plug-in oriented. Perhaps, having "core + plugins" architecture. As of 1.8, our codebase has few modules that fit this plug-in classification: DB, AuthData, PreAuth, Locate, GSS Mechanisms, Ccache, replay cache, keyTab; and the candidates for future releases are: PRNG, Password Policy, Audit, Profile/Configuration, DNS/Host realm and account lockout Policy. 

I think it would be wise to have some general purpose lightweight built-in Plugin Manager (PM) that serves the purpose of discovering, registering and initialization of the available services, and providing the pointers to these services upon request. 
One of the possible approaches would be to have a config file containing the list of the desirable services. During the server start-up, PM would consult with this config file and register the available plugins. (Of course, other discovery  mechanisms are possible). When application requests some service, Plugin Manager would use its query mechanism, perhaps, hash table of the names of the services, and return the application either a valid pointer or nothing. 

Your input and option is very much appreciated!


More information about the krbdev mailing list