[16184] in Kerberos_V5_Development
Re: Password quality pluggable interface scope
daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri Aug 27 14:20:34 2010
From: Greg Hudson <ghudson@mit.edu>
To: Russ Allbery <rra@stanford.edu>
In-Reply-To: <878w3s3pkr.fsf@windlord.stanford.edu>
Date: Fri, 27 Aug 2010 14:20:30 -0400
Message-ID: <1282933230.9882.109.camel@ray>
Mime-Version: 1.0
Cc: "krbdev@MIT.EDU" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On Fri, 2010-08-27 at 13:58 -0400, Russ Allbery wrote:
> Greg Hudson <ghudson@MIT.EDU> writes:
>
> > Plugin modules can read profile associations; consider PKINIT
> > configuration variables, for example, or LDAP back-end configuration.
>
> What interface does this use now? This was one of the biggest problems
> that I ran into when I wrote the plugins originally, since there wasn't
> any interface available other than krb5_appdefault* (which is a horrible
> interface).
krb5_get_profile() followed by some variant of profile_get_values().
This isn't new stuff, so perhaps there's some reason I don't know about
why it's not adequate? (In-tree plugins tend to access context->profile
directly.)
I hadn't run across krb5_appdefault* before; I don't think it would be
appropriate for plugins, but I am curious what's horrible about it.
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
