Host-realm pluggable interface project review
Benjamin Kaduk
kaduk at MIT.EDU
Fri Aug 9 16:04:32 EDT 2013
On Wed, 7 Aug 2013, Greg Hudson wrote:
> I have a design and candidate implementation for a host-realm pluggable
> interface ready. The design is at:
>
> http://k5wiki.kerberos.org/wiki/Projects/Host-realm_pluggable_interface
>
> and the candidate implementation is in the top five commits at:
>
> https://github.com/greghudson/krb5/commits/hostrealm
>
> This is pretty straightforward stuff, but comments are appreciated.
The comment above the typedef for krb5_hostrealm_fini_fn should probably
indincate that it is mandatory if krb5_hostrealm_init_fn is supplied.
I wonder if lib/krb5/os/hostrealm.c:copy_list() would be useful in an
internal library instead of a file-static routine.
It seems like the fallback to referrals in krb5_get_fallback_host_realm()
could use the k5_make_realmlist() helper routine?
I assume you did manual testing of the plugin-ized dns bits, since
automated testing is infeasible?
Going through the code caused me to note that our domain_realm
implementation has an entry for mit.edu match a.mit.edu (just as an entry
for .mit.edu would), so our documentation is wrong or misleading. I'll
try to work on that.
As you said, this is pretty straightforward, otherwise.
-Ben
More information about the krbdev
mailing list