[PATCH] Plugin Interface Change
Nico Williams
nico at cryptonector.com
Thu Sep 15 21:52:32 EDT 2011
On Thu, Sep 15, 2011 at 11:31 AM, Greg Hudson <ghudson at mit.edu> wrote:
> * We will need an enhancement to the lookaside cache (replay.c) to
> support requests in progress. A request should be added with no
> response as soon as it is received, and then its entry should be
> augmented to contain the response after we have one. If a request
> arrives which has a lookaside cache entry with no response, we should
> drop the request (we'll respond to it later). Without this enhancement,
> KDCs will start processing retransmitted requests, which is a
> regression.
The nicest thing about the KDC exchanges being stateless is that the
incoming request is the only state that need be queued while some
plugin wants to wait for some event (any state produced by that event
could be cached so that subsequent re-processing of the stalled
request can find it). This approach does very little violence to the
main body of the KDC. OTOH, a library-style KDC would really help
with things like PKU2U.
Nico
--
More information about the krbdev
mailing list