Sebastian,
Thanks for the contribution.
I have a few comments (also gathered from others):
1) you should provide patches against HEAD code; there has been some limited changes in the API related to overlay initialization and so.
2) you could try to rework the overlay to avoid any specific reference to Active Directory, since your cache should apply to any remote system implementing Kerberos V. It could be abstracted even more, to act as a replacement of saslauthd, by allowing it to auth via LDAP, pam and more, not just Kerberos.
3) you should add a (configurable) TTL, so that the cache could eventually be notified of an account lockout at the remote server's side.
4) you should add support for dynamic configuration, so that the module can fit into the new configuration paradigm for possible release with 2.4.
5) you should follow coding guidelines (indentation and so) as in most of the code.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------