directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Karasulu" <>
Subject Re: [Kerberos] PKINIT support
Date Mon, 24 Sep 2007 02:31:13 GMT
On 9/23/07, Enrique Rodriguez <> wrote:
> On 9/22/07, Alex Karasulu <> wrote:
> > IMO if you have some time you might want to start work on some developer
> > documentation
> > on DNS as well as a user's guide so we can attract more committers while
> > answering user
> > questions around DNS.
> > ...
> Point taken.  I will prioritize this higher than new features, such as
> PKINIT or StartTLS.

StartTLS is fine for you to work on since we can support that code - the
code already
exists anyway and just needs a clean up and placement into the project.

The problem lies in code bases which we cannot support as a team and
that's the whole point to this.  So don't get the wrong idea that people
don't want you to add new things.  It's just we don't want you to add new
things that we cannot support as a team.

Let's not sway onto the opposite end of the spectrum either.

> ...
> > Secondly with respect to technical matters how does this impact what we
> have
> > in Triplesec
> > with HOTP?  Is this another SAM type for the kerberos server which uses
> the
> > class loading
> > scheme we already have in place for verifiers?
> My plan is to make pre-auth verifiers "pluggable" in the same way that
> core Authenticators can be configured via Spring XML.  I am committed
> to supporting Triplesec such that the HOTP verifier works after this
> configuration change.  Though, since last I checked, Triplesec builds
> against a 1.0, this is moot until Triplesec moves to the next stable
> branch.

I think Christine made it build now with 1.5 just recently.


View raw message