Difference between revisions of "Developing a preauth plugin"
From K5Wiki
(→Debugging Tips) |
(→Debugging Tips) |
||
Line 14: | Line 14: | ||
== Debugging Tips == |
== Debugging Tips == |
||
* Define <code>DEBUG</code> as part of your build to tickle logging of more info in your KDC log file (proabably <code>krb5kdc.log</code>). |
* Define <code>DEBUG</code> as part of your build to tickle logging of more info in your KDC log file (proabably <code>krb5kdc.log</code>). |
||
− | * Make liberal use of <code>krb5_klog_syslog</code> |
+ | * Make liberal use of <code>krb5_klog_syslog</code> by including <code><syslog.h></code> and linking against <code>kadm5<something></code> |
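Review bot: the clause added to the krb5_klog_syslog bullet tells the reader to link against kadm5<something>, which is still a placeholder. Replace it with the actual library name so the tip can be followed as written. It would also help to name the header that declares krb5_klog_syslog itself, since <syslog.h> is the system syslog header.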
Revision as of 11:29, 30 April 2010
Recommended Reading
- Read RFC 4210
- Read draft-ietf-krb-wg-preauth-framework (version 16 current as of 4/27/2010)
- Read src/include/krb5/preauth_plugin.h
- Read src/plugins/preauth/encrypted_challenge/* for a (tragically) comment-less implementation of a preauth plugin implemented using FAST
- ghudson's quick flow overview at http://mailman.mit.edu/pipermail/krbdev/2010-April/008891.html
Pre-authentication Limitations
- There is no way to require that a certain preauth method is used.
- Likewise, there is also no way to indicate a preferred preauth flow (method A, then B, then C).
References for above: http://mailman.mit.edu/pipermail/krbdev/2010-April/008902.html
Debugging Tips
- Define DEBUG as part of your build to tickle logging of more info in your KDC log file (probably krb5kdc.log).
- Make liberal use of krb5_klog_syslog by including <syslog.h> and linking against kadm5<something>