[16194] in Kerberos_V5_Development


Re: Password quality pluggable interface project review

daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Aug 30 11:54:05 2010

From: Greg Hudson <ghudson@mit.edu>
To: Marcus Watts <mdw@umich.edu>
In-Reply-To: <E1Oq6RD-00079k-2F@bruson.ifs.umich.edu>
Date: Mon, 30 Aug 2010 11:54:01 -0400
Message-ID: <1283183641.9882.164.camel@ray>
Cc: "krbdev@MIT.EDU" <krbdev@mit.edu>

On Mon, 2010-08-30 at 11:38 -0400, Marcus Watts wrote:
> By "new plugin model" do you mean krb5int_open_plugin_dirs /
> krb5int_get_plugin_dir_data or something else?  If you mean these
> functions then it's already done.  If it's something else, then
> I guess it depends on how closely the new functionality matches these.

http://k5wiki.kerberos.org/wiki/Projects/Plugin_support_improvements

What we arrived at doesn't have the properties you discussed about the
PAM framework:

* Module registrations aren't parameterized (but modules can read
associations from the profile, so they don't require separate config
files).

* Module registrations aren't ordered.

* Registration of built-in modules is automatic, although built-in
modules can be disabled.

* Modules cannot be multiply registered; the end result of module
registration is a mapping of name to (unique) module, even for
one-to-many interfaces (such as password quality) where module names are
unimportant.

While we still have the technical freedom to replace this model with
something more PAM-like, I'm not currently convinced that it's
desirable.


_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
