On 9/22/07, Alex Karasulu <[EMAIL PROTECTED]> wrote: > IMO if you have some time you might want to start work on some developer > documentation > on DNS as well as a user's guide so we can attract more committers while > answering user > questions around DNS. > ...
Point taken. I will prioritize this higher than new features, such as PKINIT or StartTLS. > ... > Secondly with respect to technical matters how does this impact what we have > in Triplesec > with HOTP? Is this another SAM type for the kerberos server which uses the > class loading > scheme we already have in place for verifiers? My plan is to make pre-auth verifiers "pluggable" in the same way that core Authenticators can be configured via Spring XML. I am committed to supporting Triplesec such that the HOTP verifier works after this configuration change. Though, since last I checked, Triplesec builds against a 1.0, this is moot until Triplesec moves to the next stable branch. The class loading scheme only allows one plug-in. This configuration/plugin change is separate from PKINIT, which would use this "plugin point" just like HOTP will. PKINIT is not another SAM type. PKINIT has its own base RFC with its own pre-auth type. Enrique
