Hi, Directory developers, I'd like to make pre-auth verifiers "pluggable." We currently ship a fixed set of pre-auth verifiers in the Kerberos protocol and we have a static setter hack in place to allow TripleSec to set its HotpVerifier. I believe this predates how we currently do such configuration.
I'd like to update this to follow the convention of how Authenticators are configured in the core, namely how the core AuthenticationService allows a developer or admin to register and unregister Authenticators, in code or by (today) Spring XML. I think this would be handy for writing integration tests and I think it would make it easier to maintain TripleSec. If this makes sense I'd like to update it this month and I'd keep an eye on things to make sure this doesn't break TripleSec. This would also allow me to begin dismantling the chains in protocol-kerberos, starting with the pre-authentication verifier chain. I currently have good test coverage of protocol-kerberos and I have a couple more tests specifically for pre-auth that I would commit before starting this work. Enrique
