Hi Pierangelo,
thanx for your comments.
On Mon, Aug 06, 2007 at 09:32:27PM +0200, Pierangelo Masarati wrote:
Sebastian,
Thanks for the contribution.
I have a few comments (also gathered from others):
- you should provide patches against HEAD code; there has been some
limited changes in the API related to overlay initialization and so.
No problem, I will look into that shortly.
- you could try to rework the overlay to avoid any specific reference
to Active Directory, since your cache should apply to any remote system implementing Kerberos V. It could be abstracted even more, to act as a replacement of saslauthd, by allowing it to auth via LDAP, pam and more, not just Kerberos.
Actually, the software was built and tested agains MIT and Heimdal Kerberos V in the first place, so there is no dependency on AD whatsoever. The reference to AD is more a marketing issue. I assume more users looking for an AD password cache than for an Kerberos V password cache. So I would perfer to keep it.
- you should add a (configurable) TTL, so that the cache could
eventually be notified of an account lockout at the remote server's side.
I tried to avoid introduction of new attributes for the module. Do you have any suggestions how this TTL should be stored? Adding pwdPolicy from ppolicy seems a bit like an overkill to me.
- you should add support for dynamic configuration, so that the module
can fit into the new configuration paradigm for possible release with 2.4.
I'll look into that.
- you should follow coding guidelines (indentation and so) as in most
of the code.
I did not find any guidelines other than "Adapt your style to match that of the block, file, directory, or package that you are working in." Can you point me to a more detailed explanation of the required indentation?
Regards,
Sebastian