Plugin project proposal

Nicolas Williams Nicolas.Williams at
Thu Jul 15 17:32:20 EDT 2010

On Thu, Jul 15, 2010 at 02:23:49PM -0700, Russ Allbery wrote:
> Zhanna Tsitkova <tsitkova at> writes:
> > The assumption here was that krb5 contexts are usually created at the
> > start-up, are long-living and there are very few contexts created.
> In an ideal situation, this would probably be the case, but there are a
> lot of real-world situations that do password authentication with some
> volume.  A typical use pattern for such an application is to generate a
> new krb5_context for every authentication attempt (usually because that's
> encapsulated in a PAM module or similar plugin).  I suspect you will find
> many situations where it's common to have several krb5_contexts created
> and freed per second.

Exactly.  Now suppose you've a plugin whose initializer likes to do
things like, say, DNS lookups (for SRV RRs, perhaps, to discover

Now krb5_init_context() could take a very long time to complete indeed.


More information about the krbdev mailing list