Dynamic deployment of new preauth plugin for client and kdc

Greg Hudson ghudson at MIT.EDU
Tue May 27 12:36:39 EDT 2014

On 05/27/2014 09:26 AM, drankye wrote:
> I'm developing a new preauth mechanism like otp based on FAST tunnel, and
> wish it's possible to deploy my new plugin module by just dropping the so
> file into place

This isn't possible with most currently pluggable interfaces;
third-party modules need to be registered in the profile.  See:


(The example there probably shouldn't use "otp", since we now ship an
effectively built-in otp clpreauth module.)

Older pluggable interfaces--the only current public example is the
"locate" interface--did allow modules to simply be dropped into place.
We received feedback from downstream distributors that this was
undesirable; it made it impossible (or at least awkward) to have the
binary package for a module installed but have the module disabled.

See also this thread:


More information about the krbdev mailing list