[17414] in Kerberos_V5_Development


Re: SASL support for kldap

daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Nov 14 11:42:13 2011

Message-ID: <4EC144E0.6020008@mit.edu>
Date: Mon, 14 Nov 2011 11:42:08 -0500
From: Greg Hudson <ghudson@mit.edu>
MIME-Version: 1.0
To: Chris Hecker <checker@d6.com>
In-Reply-To: <4EC0A597.9030800@d6.com>
Cc: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu

On 11/14/2011 12:22 AM, Chris Hecker wrote:
> Any hope of getting this integrated into the trunk?

We have been regrettably slow about processing this work, due to
resource constraints.  I do have some notes about it, which I should
have sent long ago:

* There is a lot of duplication of parameter names for
KDC/kadmind/kpasswdd.  It turns out that kpasswdd isn't a separate
service as far as the DAL is concerned (there's a constant defined for
it but it's never used).  Beyond that, we'd want to introduce a more
structured convention for differentiating LDAP options between the KDC
and kadmind before introducing 13 new config parameters with global,
KDC, and kadmind variants.

* There's also a lot of repeated code for processing these options.
That would need to be refactored.

* We would need to document this while integrating it, since the patch
doesn't include amendments to our texinfo documentation (or the RST
conversion of it).

* We would need to test this, at least manually, while integrating it,
which requires a fair amount of spin-up time on OpenLDAP setup.  (Adding
automated testing for the LDAP back end is on my private hit list for
1.11, but I don't know if testing SASL access is likely to be feasible
when I do that.)