"Matthew J Smith" <[EMAIL PROTECTED]> writes: > <snip source="[EMAIL PROTECTED]"> >> >> I wrote a plug-in architecture for the MIT krb5kdc/kadmind system >> which allow them to be functionally extended with shared library >> plug-ins. The kadmind plug-in currently implements storage of raw >> passwords, ala AD, within the database. It wouldn't be a stretch to >> implement a hook within this framework to poll LDAP for a list of the >> identities which a principal with administrative rights could execute >> changes against. >> > </snip>
> Is there any chance that the main MIT codebase would ever include such a > plugin architecture, to facilitate extended functionality such as my > complex ACL use case? Count Stanford University as another group interested in such a thing. We have our own policy and authorization layer sitting in front of kadmin right now, but it would be really nice to replace that with hooks inside kadmind so that users could follow standard web documentation for downloading keytabs without having to use Stanford-specific programs. -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
