[16941] in Kerberos_V5_Development
Re: Authdata, preauth plugin headers
daemon@ATHENA.MIT.EDU (Sam Hartman)
Mon Jun 27 07:43:44 2011
From: Sam Hartman <hartmans@mit.edu>
To: Greg Hudson <ghudson@mit.edu>
Date: Mon, 27 Jun 2011 07:43:37 -0400
In-Reply-To: <1308319090.2281.300.camel@t410> (Greg Hudson's message of "Fri,
17 Jun 2011 09:58:10 -0400")
Message-ID: <tsl62nrzehi.fsf@mit.edu>
MIME-Version: 1.0
Cc: "krbdev@mit.edu" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
>>>>> "Greg" == Greg Hudson <ghudson@MIT.EDU> writes:
Greg> On Thu, 2011-06-09 at 12:25 -0400, Greg Hudson wrote:
>> 1. Use the new plugin framework.
Greg> I've committed this to the trunk. Anyone working on preauth
Greg> plugins for 1.10 should feel free to contact me (via IRC or
Greg> email) if they need help adjusting.
>> 2. Provide a way to get and set the cookie.
Greg> For current use cases, the only place you'd want to set a
Greg> cookie is in get_edata. So adding a cookie parameter there
Greg> should be sufficient for now.
I think it's really important that the KDc handle hard parts of cookie
management itself:
* combining cookies from multiple mechanisms
* Doing the encryption
* managing expiration.
Supporting that reasonably is why I didn't make an interface in the
current mechanism.
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
