Difference between revisions of "Developing a preauth plugin"
From K5Wiki
Revision as of 22:01, 27 April 2010
Highly Recommended Reading to even Get Started
- Read RFC 4210
- Read `draft-ietf-krb-wg-preauth-framework` (version 16 current as of 4/27/2010)
- Read `src/include/krb5/preauth_plugin.h`
- Read `src/plugins/preauth/encrypted_challenge/*` for a (tragically) comment-less implementation of a preauth plugin implemented using FAST
- ghudson's quick flow overview at http://mailman.mit.edu/pipermail/krbdev/2010-April/008891.html
Pre-authentication Limitations
- There is no way to require that a certain preauth method is used.
- Likewise, there is also no way to indicate a preferred preauth flow (method A, then B, then C).
References for above: http://mailman.mit.edu/pipermail/krbdev/2010-April/008902.html
Debugging Tips
- `#define DEBUG 1` at the top of `src/kdc/kdc_preauth.c` to tickle logging of more info in your KDC log file (probably `krb5kdc.log`).
- Make liberal use of `krb5_klog_syslog`
