Dynamic deployment of new preauth plugin for client and kdc
Greg Hudson
ghudson at MIT.EDU
Tue May 27 12:36:39 EDT 2014
On 05/27/2014 09:26 AM, drankye wrote:
> I'm developing a new preauth mechanism like otp based on FAST tunnel, and
> wish it's possible to deploy my new plugin module by just dropping the so
> file into place
This isn't possible with most currently pluggable interfaces;
third-party modules need to be registered in the profile. See:
http://web.mit.edu/kerberos/krb5-latest/doc/admin/host_config.html#plugin-config
(The example there probably shouldn't use "otp", since we now ship an
effectively built-in otp clpreauth module.)
Older pluggable interfaces--the only current public example is the
"locate" interface--did allow modules to simply be dropped into place.
We received feedback from downstream distributors that this was
undesirable; it made it impossible (or at least awkward) to have the
binary package for a module installed but have the module disabled.
See also this thread:
http://mailman.mit.edu/pipermail/krbdev/2010-July/009171.html
More information about the krbdev
mailing list