Re: [SSSD] [PATCHES] Add support for multiple servers in the Kerberos locator plugin

This is sadly a final NACK. We discussed this on IRC, and we agreed this approach is a dead end. There are various reasons. The concurrency issue comes in in threaded applications where multiple threads use kerberos at the same time (gss-proxy is one such example). Another issue is the fact that talloc is still use statically compiled in some samba binaries and dragging in talloc as a dependency to the kerberos library (also used by samba) could cause very bad issues if the 2 version do not match precisely. In general we should try to do as little as possible in the locator plugin itself as it runs within applications that link libkrb5. A preliminary consensus seem to be that we should adopt a sss-client like interface so we can just reuse our client code already used with nss and pam interfaces there and the memory cache with it, the shared cache and all the client code is already thread safe and most importantly it is already well tested as safe and reduces the amount of memory management and need to parsing to nothing not already implemented. Stephen will post later a new design document for this feature.