Pluggable auth modules
Lennart Poettering
mzqohf at 0pointer.de
Thu Jun 2 17:33:31 PDT 2011
On Wed, 01.06.11 10:08, Pavel Strashkin (pavel.strashkin at gmail.com) wrote:
> Hello DBusers,
>
> At the moment DBus has a few hard-coded auth mechanism and there is no
> the way to fix them separately, extend, inherit or add a new one
> without a patching.
>
> Actually, an adding a new one is a more complicated problem because
> you can't just add it to main repo - it must be approved by dbus team
> or it's may be your own
> proprietary (or for internal usage) code so the only way is keep this
> patches under your control and merge/refresh them everytime when
> mainstream is changed (sometimes it's difficult).
>
> The idea is introduce pluggable auth modules (DLO, dynamically
> loadable objects) via *.so/*.dll which will contain some factory
> function to produce DBusAuthMechanismHandler instances.
> What do you think?
Uhm. Creating our own pluggable auth iface here would be a very bad
idea, specially since D-Bus' focus is not so much the network but local
IPC, for which you don't need this.
I think what might be acceptable is to work on a patch that adds proper
SASL support to D-Bus, using one of the existing
implementations. (Cyrus, Dovecot, GNU) That way there would be no need
to invent a new interface, but you'd have all the flexibility that SASL
offers with its pluggable backends.
Lennart
--
Lennart Poettering - Red Hat, Inc.
More information about the dbus
mailing list