On Tue, May 10, 2011 at 04:36:53PM +0200, Linus Nordberg wrote:
Hi,
There's a naïve plugin system in place in the otp branch of
git://git.nordu.net/krb-otp.git, based on the AuthHub code.
It's all static and a bit clumsy a.t.m. with the OTP FAST plugin
depending on everything that its "methods" depend on.
The interface is agnostic to Kerberos implementation in an attempt to
make OTP methods easier to deploy. Whether this holds water is
something yet to be seen. Configuration is split up into kdb and config
(krb5.conf) with the kdb per-principal data in turn split up in two
parts. One entry (krbExtraData in MIT) is used by the OTP plugin for
selecting OTP method. The other is an opaque blob not interpreted by
generic code, as earlier suggested by Dmitri
Some error and memory handling cleanup has been done but there are still
lots of issues with how requests are verified by the KDC. Looking into
this shortly.
There's a simple plugin using libcurl to do http(s) basic authentication
in m_basicauth.[ch].
The original Yubikey functionality can be found in m_ykclient.[ch].
It's all mostly untested.
Great, I only had a short glance on the patches. The cleanups are very
nice. Only checking a pointer before calling free() is not necessary. I
know there are some krb5_*_free() call which don't like NULL, but call
free(NULL) should be safe on any platform. Please correct me if I'm
wrong :-)
I will run some tests later this week.
bye,
Sumit
_______________________________________________
authhub-devel mailing list
authhub-devel(a)lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/authhub-devel