Thank you very much for the thorough response, and the kind offer of code. I am very intrigued by the kadmin plugin architecture that you have described, and wish I had the time to devote to such a project. Unfortunately for now, I will probably couple the password admin ACL layer directly into our homegrown web-based admin toolset.
<snip source="[EMAIL PROTECTED]"> > > I wrote a plug-in architecture for the MIT krb5kdc/kadmind system > which allow them to be functionally extended with shared library > plug-ins. The kadmind plug-in currently implements storage of raw > passwords, ala AD, within the database. It wouldn't be a stretch to > implement a hook within this framework to poll LDAP for a list of the > identities which a principal with administrative rights could execute > changes against. > </snip> Is there any chance that the main MIT codebase would ever include such a plugin architecture, to facilitate extended functionality such as my complex ACL use case? Thank you again, -Matt ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
