Release Meeting Minutes/2010-05-04

From K5Wiki
Revision as of 19:26, 3 January 2011 by TomYu



Zhanna Tsitkova, Greg Hudson, Tom Yu, Will Fiveash, Sam Hartman, Robert Relyea

Plugin architecture

alternative implementations of single functionality vs implementations of multiple functionalities?

Sam
static plugin needs a config file?
Zhanna
yes
Sam
Good to have more [pluggable] infrastructures. Want uniform way of specifying configuration (for plugins)... want some explanation of "factory". Why is it called "factory"? Why do you want groupings? Want better separation of configuration vs headers. OK to use krb5 config stuff for GSS mechglue. Approach as described by Zhanna is problematic for Debian... can't package using a single config file. Undesirable to require configuration for static plugins [built-in modules]. Service vs listener distinction seems intrinsic to code [interface?], and shouldn't be in the config. Are multiple plugin managers really needed?
Greg
...embedded situation: might want to interoperate, allow applications to control how plugins are loaded.
Sam
Talk to TeamF1 or Mark Eichin. RFID [...] do their own build of some Linuxes, lightly customized.
Will
...programmatically alter configs. Shawn Emery is more directly involved with the people requesting pluggable config. [Zhanna?] Didn't explicitly state MT-safety... a general concern about plugins. Take care with the shape plugin interfaces take, so as to make it easier to be MT-safe.
Sam
Concerns about hash validation concept: why not make it the problem of the OS?
Zhanna
removed.
Will
(void*)? type safety. [use pointers to incomplete structs instead]. Problems with scanning a directory for modules. OpenSSL being loaded by a Kerberos app loading pkinit, but application independently uses OpenSSL... crash.
Greg
That is partly due to global state in OpenSSL [RTLD_GROUP, etc. don't save you because that is a name resolution thing, not total runtime isolation]

[Is automatic enable the right default?]

Sam
Carefully consider how it interacts with init_secure.