Re: [OpenAFS-devel] Re: MEMORY credential cache interop between Heimdal and MIT?

[Ken Hornstein <kenh@cmf.nrl.navy.mil>]

>You don't have to wait. Any OS worth it's weight in bits has loadable
>kernel modules. You create a source package that is compiled against
>some kernel headers to get a module that can be loaded directly into the
>kernel (as root of course). Vendors can provide binaries for each kernel
>package so that auto-updates work smoothly. VMWare does this. They have
>kernel modules that are constructed and installed on-the-fly.

I gave serious thought to this ... but ultimately I had to reject the
idea on practical grounds.

Our Kerberos client software does not require the user to be root
to install it; that is a major advantage.  Our user base is relatively
unsophisticated; I know that asking them to install a kernel module
is simply too much for them.  In theory it could be automated ...
but that would have been a lot of work and would have involved a
lot of ongoing maintence, even assuming the Linux community didn't
decide what I was doing was evil and actively went out of their way
to screw me.  The basic work on my descriptor-based cache was done
in less than a week and porting it to the various Unixes we support
really only took a couple of days; doing what you describe would
have taken a lot longer, and likely only would have really worked
on Linux (we support many more Unixes).

And from a higher-level view, doing this _right_ would involve
adding something to the proc structure (if something suitable didn't
exist already).  I don't know how you'd do that from a loadable
module.

--Ken