Plugin Manager in Kerberos

Zhanna Tsitkova tsitkova at MIT.EDU
Tue Feb 9 17:09:08 EST 2010

Is it time to introduce a new module - Plugin Manager - into our code?

Proposing  such new pluggable features as alternative PRNG, Audit  
system, Password Quality validator and getting feedback from the  
community,  it is my understanding that there is an increasing  
interest in making Kerberos more plug-in oriented. Perhaps, having  
"core + plugins" architecture. As of 1.8, our codebase has few modules  
that fit this plug-in classification: DB, AuthData, PreAuth, Locate,  
GSS Mechanisms, Ccache, replay cache, keyTab; and the candidates for  
future releases are: PRNG, Password Policy, Audit, Profile/ 
Configuration, DNS/Host realm and account lockout Policy.

I think it would be wise to have some general purpose lightweight  
built-in Plugin Manager (PM) that serves the purpose of discovering,  
registering and initialization of the available services, and  
providing the pointers to these services upon request.
One of the possible approaches would be to have a config file  
containing the list of the desirable services. During the server start- 
up, PM would consult with this config file and register the available  
plugins. (Of course, other discovery  mechanisms are possible). When  
application requests some service, Plugin Manager would use its query  
mechanism, perhaps, hash table of the names of the services, and  
return the application either a valid pointer or nothing.

Your input and option is very much appreciated!


More information about the krbdev mailing list