Plugin project proposal
Nicolas Williams
Nicolas.Williams at oracle.com
Thu Jul 15 17:32:20 EDT 2010
On Thu, Jul 15, 2010 at 02:23:49PM -0700, Russ Allbery wrote:
> Zhanna Tsitkova <tsitkova at mit.edu> writes:
> > The assumption here was that krb5 contexts are usually created at the
> > start-up, are long-living and there are very few contexts created.
>
> In an ideal situation, this would probably be the case, but there are a
> lot of real-world situations that do password authentication with some
> volume. A typical use pattern for such an application is to generate a
> new krb5_context for every authentication attempt (usually because that's
> encapsulated in a PAM module or similar plugin). I suspect you will find
> many situations where it's common to have several krb5_contexts created
> and freed per second.
Exactly. Now suppose you've a plugin whose initializer likes to do
things like, say, DNS lookups (for SRV RRs, perhaps, to discover
services).
Now krb5_init_context() could take a very long time to complete indeed.
Nico
--
More information about the krbdev
mailing list