Projects/DB Entry Redesign

From K5Wiki
Jump to: navigation, search
This is an early stage project for MIT Kerberos. It is being fleshed out by its proponents. Feel free to help flesh out the details of this project. After the project is ready, it will be presented for review and approval.

This project has been split out of Projects/Database Access Layer cleanup.


The current in-memory data structure for KDB principal entries is designed around the needs of the DB2 module. As a result, it is at times cumbersome to use by the KDB and kadmind, which must search through the tl_data table for information not originally represented in DB2 databases.


This project is to redesign the in-memory structure for KDB principal entries, either by making it totally opaque, or just by making it more logical from the perspective of the KDC and kadmind. Specific desirables include:

  • Eliminate e_length, e_data, and tl_data, replacing them with the logical elements currently stored using tl_data.
  • Provide a well-defined place for module-specific entry data.
  • Abstract key data accesses through a functional interface, to better handle AD-style modules which store the password rather than a list of keys.