Project review: kuserok/an2ln pluggable interface
Sumit Bose
sbose at redhat.com
Wed Feb 6 04:25:21 EST 2013
On Thu, Jan 31, 2013 at 09:09:26PM -0500, Greg Hudson wrote:
> I've created a project page at:
>
> http://k5wiki.kerberos.org/wiki/Projects/Local_authentication_pluggable_interface
>
> I haven't begun implementing this yet. Feedback is welcome. I'm
> particularly interested in the design of the an2ln methods. Currently
> the writeup describes a hybrid design where you can plug into the
> existing auth_to_local value processing, or bypass it and control all
> an2ln operations without any parameterization.
Thank you for creating the design. I have a few questions and comments.
About an2ln_all. I think there are two contradicting sentences, "If
multiple modules implement an2ln_all, the order in which they are
consulted is not defined" and "Module registration will fail ... if it
implements an2ln_all and a previous module already implements that
method."
If both an2ln_all and an2ln are available and configured, which method
is used first? I guess an2ln comes first.
Can a module implement both an2ln_all and an2ln?
I guess module registration will fail if an2ln is implemented without
an2ln_types and if an2ln_types is implemented without an2ln?
Where will the modules be searched? $(MODULE_DIR)/an2ln ?
Do I understand it correctly that if a modules implements an2ln_all it
will extend the default behaviour in the sense that no explicit
auth_to_local lines in /etc/krb5.conf are needed?
bye,
Sumit
> _______________________________________________
> krbdev mailing list krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev
More information about the krbdev
mailing list