Dynamic deployment of new preauth plugin for client and kdc
kai.zheng at intel.com
Tue May 27 09:26:38 EDT 2014
I'm developing a new preauth mechanism like otp based on FAST tunnel, and
wish it's possible to deploy my new plugin module by just dropping the so
file into place like /usr/local/lib/krb5/plugins/preauth/ just as existing
plugin modules do, like otp.so and pkinit.so. However, I found it's not
enough, and also have to modify the following places to register a new entry
for the plugin:
In preauth2.c:k5_init_preauth_context(krb5_context context),
k5_plugin_register_dyn(context, PLUGIN_INTERFACE_CLPREAUTH, "pkinit",
k5_plugin_register(context, PLUGIN_INTERFACE_CLPREAUTH, "otp",
k5_plugin_register_dyn(context, PLUGIN_INTERFACE_KDCPREAUTH, "pkinit",
k5_plugin_register_dyn(context, PLUGIN_INTERFACE_KDCPREAUTH, "otp",
Should this be true or anything I'm getting wrong? Should I have to modify
the main programs (kinit & kdc) other than coming up my new preauth plugin?
If so I would contribute and provide a patch to make it true. By
configuration, we would allow client and kdc both scan the preauth plugin
folder to get and load all pre-configured plugin modules. Thus when new
plugin is out, only configuration is needed to update to deploy it.
Thanks for your correction and suggestion.
View this message in context: http://kerberos.996246.n3.nabble.com/Dynamic-deployment-of-new-preauth-plugin-for-client-and-kdc-tp40439.html
Sent from the Kerberos - Dev mailing list archive at Nabble.com.
More information about the krbdev