[16454] in Kerberos_V5_Development
Re: Plugin development
daemon@ATHENA.MIT.EDU (W. Michael Petullo)
Tue Nov 9 13:23:18 2010
Date: Tue, 9 Nov 2010 12:23:05 -0600
From: "W. Michael Petullo" <mike@flyn.org>
To: "krbdev@mit.edu" <krbdev@mit.edu>
Message-ID: <20101109182305.GA15168@imp.local>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <1289323334.2633.1048.camel@ray>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
>> I am interested in developing a krb5 1.8 plugin that announces a login
>> using D-Bus. I'd like to have other daemons use this information to
>> perform various actions to prepare an environment for the use by a user.
> Can you explain, independent of the idea of plugins, what behavior you
> want the Kerberos library to exhibit? The Kerberos library is typically
> used by a system's login process, but does not control it, so there is
> not necessarily a good integration point for announcing a login. It's
> possible that what you want is a PAM module.
>
> Your question does point out that we could benefit from a central list
> of pluggable interfaces for developers.
The network I support is a heterogenous collection of machines,
otherwise targetting PAM might make sense (I've done PAM modules in the
past). What is consistent is that all machines are configured to use
krb5 for authentication. This is why I am considering working at the
point of issuing Kerberos credentials. There are local accounts too, but
a login to one of these would not need to be announced -- the evironment
preparation would not be required in their case.
--
Mike
:wq
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
