directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Enrique Rodriguez" <>
Subject Re: [ApacheDS] Cost of interceptors
Date Mon, 28 May 2007 07:18:33 GMT
On 5/27/07, Emmanuel Lecharny <> wrote:
> ...
> However, if there are costly operations occuring in those interceptors,
> then this is another story...
> Which interceptors will be added ?

PasswordPolicyService - no deps outside core, engages on password add/mod.
KeyDerivationService - deps on kerberos-shared, engages on password add/mod.
KeyExportService - deps on kerberos-shared, engages on key export from DIT.

These interceptors only engage when passwords are set/reset or when a
Kerberos Key is exported from the DIT.  For password changes you can
imagine the frequency of interception and key export is relatively
rare, basically when machine credentials must be provisioned to a new
service, like a newly installed LDAP server.

I should mention I have a 4th interceptor in the works, that I'm
currently calling the "CatalogService."  The CatalogService will
support multi-realm for LDAP SASL DIGEST-MD5 and GSSAPI, Change
Password, and Kerberos (and someday multi-zone for DNS, subnets for
DHCP, etc).


View raw message