On Fri, 27 May 2016, Nathaniel McCallum wrote:
All core functionality for authentication indicators has already been
merged. All that is left is the CLI and UI patches. Attached is the CLI
patch.

One outstanding question that I have is how to future-proof this patch.
Right now, we want to only permit two possible values: otp and radius.
So we are using an StrEnum. However, in the future (probably after
krb5-spake) we may want to have per-token custom indicators. That means
that this value will need to become a Str.
PKINIT has already support for AI, so it would be good to add pkinit
indicator as well. The problem here is that pkinit indicator is not
fixed and can be defined in the krb5.conf.

How do I code this so that we can later do a StrEnum => Str transition
without breaking API?
Maybe just go to Str* right now and make a validation function that
performs the actual check? Once you'd upgrade the validation code would
change but method signature wouldn't.


--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to