diff options
Diffstat (limited to 'crypto/krb5/doc/plugindev/kdcpolicy.rst')
| -rw-r--r-- | crypto/krb5/doc/plugindev/kdcpolicy.rst | 24 |
1 files changed, 0 insertions, 24 deletions
diff --git a/crypto/krb5/doc/plugindev/kdcpolicy.rst b/crypto/krb5/doc/plugindev/kdcpolicy.rst deleted file mode 100644 index 74f21f08fbf4..000000000000 --- a/crypto/krb5/doc/plugindev/kdcpolicy.rst +++ /dev/null @@ -1,24 +0,0 @@ -.. _kdcpolicy_plugin: - -KDC policy interface (kdcpolicy) -================================ - -The kdcpolicy interface was first introduced in release 1.16. It -allows modules to veto otherwise valid AS and TGS requests or restrict -the lifetime and renew time of the resulting ticket. For a detailed -description of the kdcpolicy interface, see the header file -``<krb5/kdcpolicy_plugin.h>``. - -The optional **check_as** and **check_tgs** functions allow the module -to perform access control. Additionally, a module can create and -destroy module data with the **init** and **fini** methods. Module -data objects last for the lifetime of the KDC process, and are -provided to all other methods. The data has the type -krb5_kdcpolicy_moddata, which should be cast to the appropriate -internal type. - -kdcpolicy modules can optionally inspect principal entries. To do -this, the module must also include ``<kdb.h>`` to gain access to the -principal entry structure definition. As the KDB interface is -explicitly not as stable as other public interfaces, modules which do -this may not retain compatibility across releases. |