Plugin Manager in Kerberos
Zhanna Tsitkova
tsitkova at MIT.EDU
Tue Feb 9 17:09:08 EST 2010
Hi!
Is it time to introduce a new module - Plugin Manager - into our code?
Proposing such new pluggable features as alternative PRNG, Audit
system, Password Quality validator and getting feedback from the
community, it is my understanding that there is an increasing
interest in making Kerberos more plug-in oriented. Perhaps, having
"core + plugins" architecture. As of 1.8, our codebase has few modules
that fit this plug-in classification: DB, AuthData, PreAuth, Locate,
GSS Mechanisms, Ccache, replay cache, keyTab; and the candidates for
future releases are: PRNG, Password Policy, Audit, Profile/
Configuration, DNS/Host realm and account lockout Policy.
I think it would be wise to have some general purpose lightweight
built-in Plugin Manager (PM) that serves the purpose of discovering,
registering and initialization of the available services, and
providing the pointers to these services upon request.
One of the possible approaches would be to have a config file
containing the list of the desirable services. During the server start-
up, PM would consult with this config file and register the available
plugins. (Of course, other discovery mechanisms are possible). When
application requests some service, Plugin Manager would use its query
mechanism, perhaps, hash table of the names of the services, and
return the application either a valid pointer or nothing.
Your input and option is very much appreciated!
Thanks,
Zhanna
More information about the krbdev
mailing list