directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Enrique Rodriguez" <>
Subject [TripleSec] [Kerberos] Making pre-auth verifiers pluggable
Date Fri, 10 Aug 2007 01:09:28 GMT
Hi, Directory developers,

I'd like to make pre-auth verifiers "pluggable."  We currently ship a
fixed set of pre-auth verifiers in the Kerberos protocol and we have a
static setter hack in place to allow TripleSec to set its
HotpVerifier.  I believe this predates how we currently do such

I'd like to update this to follow the convention of how Authenticators
are configured in the core, namely how the core AuthenticationService
allows a developer or admin to register and unregister Authenticators,
in code or by (today) Spring XML.

I think this would be handy for writing integration tests and I think
it would make it easier to maintain TripleSec.  If this makes sense
I'd like to update it this month and I'd keep an eye on things to make
sure this doesn't break TripleSec.

This would also allow me to begin dismantling the chains in
protocol-kerberos, starting with the pre-authentication verifier
chain.  I currently have good test coverage of protocol-kerberos and I
have a couple more tests specifically for pre-auth that I would commit
before starting this work.


View raw message