On Wed, 2008-09-03 at 13:19 -0500, Will Fiveash wrote: > On Wed, Sep 03, 2008 at 02:52:21PM +0200, Mark Phalan wrote: > > Hi Will, > > > > With MIT Kerberos the following directory structure is used to store > > plugins: > > > > <prefix>/lib/krb5/plugins > > <prefix>/lib/krb5/plugins/kdb > > <prefix>/lib/krb5/plugins/kdb/db2.so > > <prefix>/lib/krb5/plugins/preauth > > <prefix>/lib/krb5/plugins/preauth/pkinit.so > > > > Was there any reason you didn't follow the MIT convention with plugin > > directories when integrating the LDAP plugin support? > > I can not remember what I was thinking at the time but I'm guessing that > since the KDB plugins are explicitly configured in krb5.conf with the: > > The [dbmodules] Section > This section consists of relations that provide configura- > tion information for plug-in modules. In particular, the > relations describe the configuration for LDAP KDB plug-in. > Note that use of the db2 KDB plug-in is the default behavior > and that this section does not need to be filled out in that > case. > > db_library > > Name of the plug-in library. To use the LDAP KDB plug-in > the name must be kdb_ldap. The default value is db2. > > db_module_dir > > Path to the plug-in libraries. The default is > /usr/lib/krb5. > > that it kept the config simpler. Note that these were the parameters > used at the time I ported the MIT ldap plugin code to Solaris. It is > possible that things have changed since in the MIT tree. For example I > see that they do not have a db_module_dir so I bet the code now has more > assumptions about the plugin dir structure. > > So the choices are: > > 1. Leave the KDB plugins where they are and use the plugins/preauth > dir structure for the preauth plugins. > > 2. Move the KDB plugins as well but this will entail some documentation > modification and a ARC review.
Ok. I think the easiest way forward is to go with (1). I think that the KDB plugins should be moved too but that can be done at a later time (to pkinit). -M
