9:36 a.m.
Hi,
There's a naïve plugin system in place in the otp branch of
git://git.nordu.net/krb-otp.git, based on the AuthHub code.
It's all static and a bit clumsy a.t.m. with the OTP FAST plugin
depending on everything that its "methods" depend on.
The interface is agnostic to Kerberos implementation in an attempt to
make OTP methods easier to deploy. Whether this holds water is
something yet to be seen. Configuration is split up into kdb and config
(krb5.conf) with the kdb per-principal data in turn split up in two
parts. One entry (krbExtraData in MIT) is used by the OTP plugin for
selecting OTP method. The other is an opaque blob not interpreted by
generic code, as earlier suggested by Dmitri
Some error and memory handling cleanup has been done but there are still
lots of issues with how requests are verified by the KDC. Looking into
this shortly.
There's a simple plugin using libcurl to do http(s) basic authentication
in m_basicauth.[ch].
The original Yubikey functionality can be found in m_ykclient.[ch].
It's all mostly untested.
9:49 a.m.
On 05/10/2011 10:36 AM, Linus Nordberg wrote:
Hi,
There's a naïve plugin system in place in the otp branch of
git://git.nordu.net/krb-otp.git, based on the AuthHub code.
It's all static and a bit clumsy a.t.m. with the OTP FAST plugin
depending on everything that its "methods" depend on.
The interface is agnostic to Kerberos implementation in an attempt to
make OTP methods easier to deploy. Whether this holds water is
something yet to be seen. Configuration is split up into kdb and config
(krb5.conf) with the kdb per-principal data in turn split up in two
parts. One entry (krbExtraData in MIT) is used by the OTP plugin for
selecting OTP method. The other is an opaque blob not interpreted by
generic code, as earlier suggested by Dmitri
Some error and memory handling cleanup has been done but there are still
lots of issues with how requests are verified by the KDC. Looking into
this shortly.
There's a simple plugin using libcurl to do http(s) basic authentication
in m_basicauth.[ch].
The original Yubikey functionality can be found in m_ykclient.[ch].
It's all mostly untested.
Great! Thank you for the update.
_______________________________________________
authhub-devel mailing list
authhub-devel(a)lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/authhub-devel
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
9:54 a.m.
On Tue, May 10, 2011 at 04:36:53PM +0200, Linus Nordberg wrote:
Hi,
There's a naïve plugin system in place in the otp branch of
git://git.nordu.net/krb-otp.git, based on the AuthHub code.
It's all static and a bit clumsy a.t.m. with the OTP FAST plugin
depending on everything that its "methods" depend on.
The interface is agnostic to Kerberos implementation in an attempt to
make OTP methods easier to deploy. Whether this holds water is
something yet to be seen. Configuration is split up into kdb and config
(krb5.conf) with the kdb per-principal data in turn split up in two
parts. One entry (krbExtraData in MIT) is used by the OTP plugin for
selecting OTP method. The other is an opaque blob not interpreted by
generic code, as earlier suggested by Dmitri
Some error and memory handling cleanup has been done but there are still
lots of issues with how requests are verified by the KDC. Looking into
this shortly.
There's a simple plugin using libcurl to do http(s) basic authentication
in m_basicauth.[ch].
The original Yubikey functionality can be found in m_ykclient.[ch].
It's all mostly untested.
Great, I only had a short glance on the patches. The cleanups are very
nice. Only checking a pointer before calling free() is not necessary. I
know there are some krb5_*_free() call which don't like NULL, but call
free(NULL) should be safe on any platform. Please correct me if I'm
wrong :-)
I will run some tests later this week.
bye,
Sumit
_______________________________________________
authhub-devel mailing list
authhub-devel(a)lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/authhub-devel
5:26 p.m.
Sumit Bose <sbose(a)redhat.com> wrote
Tue, 10 May 2011 16:54:27 +0200:
| Great, I only had a short glance on the patches. The cleanups are very
| nice. Only checking a pointer before calling free() is not necessary. I
| know there are some krb5_*_free() call which don't like NULL, but call
| free(NULL) should be safe on any platform. Please correct me if I'm
| wrong :-)
You're right. I'll revert those changes.
Thanks.
4740
days inactive
4740
days old
authhub-devel@lists.fedorahosted.org
3 comments
3 participants
participants (3)
-
Dmitri Pal -
Linus Nordberg -
Sumit Bose