As long as we are headed in that direction would it make sense to the Kerberos community for us to begin looking at the issues that would need to be addressed with providing an alternate fulfillment hook for krb5_kuserok? Considering the discussions on the topic, extending functionality for krb5_kuserok would seem to be an obvious candidate for inclusion into the plug-in architecture.
Any comments or suggestions would be welcome.
I for one would love to see a mechanism for retrieving authorization data from an ldap directory. some sort of plaintext mapping file support would also probably be nice(system, not user managed).
-Matt Andrews
--Sam
Best wishes for a productive end of the week to everyone.
}-- End of excerpt from Sam Hartman
As always, Dr. Greg 'GW' Wettstein ------------------------------------------------------------------------------ The Hurderos Project Open Identity, Service and Authorization Management http://www.hurderos.org ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos