[nssldap] Kerberos enhancement patch
[Date Prev][Date Next] [Thread Prev][Thread Next][nssldap] Kerberos enhancement patch
- From: Howard Wilkinson <howard [at] cohtech.com>
- To: nssldap [at] padl.com
- Subject: [nssldap] Kerberos enhancement patch
- Date: Fri, 14 Sep 2007 15:24:22 +0100
Title: Signature
|
I have submitted a patch to nss_ldap-256 to enhance the kerberos
facility within the library for SASL credentials. This is patch 339 and it adds facilities to allow the credentials to be renew and refresh while a daemon is running. This code can either work in conjunction with the supply of an extra package such as kstart (k5start daemon) or can undertake the renewal of the credentials of the daemon itself. I have not made much effort to make the code thread safe and would be obliged if someone could have alook adn see if there is anything I should clean up in this regard. There is also an underlying problem with the code in that if the library is not called during the time when the credentials are expiring but have not expired, then the renewal cannot happen. The current system allows you to provide a keytab and this will refresh the credentials in this circumstances, but I would prefer to have the option of running a separate thread that woke up in time to renew the credentials. Before haring off and implementing this I would like some comments for the list members on their thoughts about how this should be done (my threading code is very rusty so some example code would be nice as well). Regards, Howard. |
- [nssldap] Kerberos enhancement patch, Howard Wilkinson
- Prev by Date: Re: [nssldap] nss netgroup host support in linux
- Next by Date: Re: [nssldap] nss netgroup host support in linux
- Previous by thread: Re: [nssldap] nss netgroup host support in linux
- Next by thread: [nssldap] boot failure (using local files) if ldap unavailable