My current thinking is to use http://www.ossp.org/pkg/lib/mm/ for the shared memory stuff and & http://256.com/sources/table/ for the hash table
I haven't had a chance to look at: ftp://ftp.net.ohio-state.edu/pub/users/jrumpf/krbdirp-1.2.0.tar.gz yet Igor Brezac wrote: > > On Thu, 9 Jan 2003, Jeremy Rumpf wrote: > > > > > On Thursday 09 January 2003 03:55 pm, Paul M Fleming wrote: > > > Timing out the passwords is simple ( I think ) I would store the time > > > when the entry is added and force a reauth if the password has been > > > cached longer than a timeout (for example one hour ). That forces a > > > reauth at least every timeout period of time. If an entry isn't in the > > > cache (or if it is different the entry would be removed and ) a reauth > > > would be forced. Every successfull auth would be added to the cache. > > > > > > > Some time ago I wrote a plugin for the Netscape/iPlanet Directory server that > > intercepted bind authentications and passed them off to a kerberos backend. > > It allowed us to integrate LDAP services with our Kerberos environment. > > Anyhow, it implemented just this, with the timeouts and all. I also > > implemented a checkpoint feature where the hash table was periodically dumped > > to a file. That way if you restarted the LDAP server you wouldn't lose you're > > cached entries. You can grab a copy of the plugin at: > > > > ftp://ftp.net.ohio-state.edu/pub/users/jrumpf/krbdirp-1.2.0.tar.gz > > > > Look in the file krbdirp.c, specifically at the function > > validate_with_cache(). The text file CACHE also has some thoughts and ideas. > > > > The LDAP directory was used for an iPlanet mail setup to store user > > information. The idea of the credential cache has worked quite well. > > Implementing it for saslauthd would be a nice feature. > > > > I'd be more than willing to help/contribute to the effort. > > > > Cheers, > > Jeremy > > > > I agree. I know Simon would like this feature. :) Openldap APIs have > client side cache, but I think it has some issues. > > saslauthd needs to remain a 'light' process. It is really a helper > program for 'big' servers such as cyrus, sendmail, postfix, etc.. > > You might want to check out http://www.ossp.org/pkg/lib/mm/ for a portable > IPC library. > > -- > Igor
