Re: HDB layer ideas

[Love Hörnquist Åstrand <lha@kth.se>]

Andrew Bartlett <abartlet@samba.org> writes:

> I've been chatting with lha on IRC about HDB, but I wanted to bring
> these things to the list, for a more concrete discussion:
>
> I've been thinking about how I would like (in my ideal world) the HDB
> layer do develop, in support of Samba4's use of Heimdal.
>
> The particular feature I'm after in extending HDB is a private pointer,
> based on an encapsulation of the existing asn.1 hdb_entry:
>
> struct hdb_container {
> 	hdb_entry *entry;
> 	void *private;
> }
>
> I would then add a new hdb_free_entry() method, to free hdb_container
> (and the backend-specific private).

So what I like about the current interface (just talking about the
interface, not content), is that each entry is free-standing from the
backend, no reference counting, no locking, no thread issues.

One idea I have is splitting the KDC into a crypto part and a protocol part
to protect the long term keys in case of a compromise, and adding stuff
like hdb_access_chec, hdb_get_pac, and hdb_verify_pac [1] might complicate
the model.

When thinking about it, it might not be that bad, and really, the KDC
should't really need to write into the HDB layer (never call ->hdb_store) ,
so there isn't much need for transaction safefy ? And to provide you with
hooks to the real entry, just create a one entry cache in the hdb backend
should do it.

Love


[1] Shouldn't these last two be hdb_{add,verify}_authorization_data ?

PGP signature