[16379] in Kerberos_V5_Development
Review of Projects/Kadmin hook interface
daemon@ATHENA.MIT.EDU (Sam Hartman)
Mon Sep 27 13:57:05 2010
From: Sam Hartman <hartmans@mit.edu>
To: krbdev@mit.edu
Date: Mon, 27 Sep 2010 13:56:54 -0400
Message-ID: <tslpqvzvzmh.fsf@live.suchdamage.org>
MIME-Version: 1.0
Cc: lha@h5l.org, rra@stanford.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
I've started a review of
http://k5wiki.kerberos.org/wiki/Projects/Kadmin_hook_interface; send
comments by 2010-10-06.
Here is the brief overview; see the wiki for a proposed header file.
The Kadm5 hook interface provides a plugin interface for plugins to be
aware of administrative operations for kadm5 principals. Plugins track
the following administrative operations:
* Principal creation
* Change password
* Principal modification
The plugins are called twice: once in a precommit phase before the
operation takes place and if no plugins fail and the database is
updated, once in a postcommit operation. This interface is based on a
proposed patch to Heimdal by Russ Allbery for the [8]krb5-sync plugin.
Russ indicated that Heimdal is likely to adopt an approach based on
stackable database plugins rather than his approach. That's probably
undesirable for MIT because the kadm5 API is more stable than the KDB
API and because this interface is easier for plugin authors than
writing a KDB module. This interface has the following changes from
Russ's interface:
1. Opaque struct rather than void * for the module context
2. Include key-salt tuples for create/chpass
3. Add a remove entry point
4. Remove name and vendor entries to be consistent with other plugin
framework uses
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
