Received: from cz.mit.edu (HOTASS-6.MIT.EDU [18.101.1.48]) by krbdev.mit.edu (8.9.3p2) with ESMTP id DAA09537; Sat, 21 Aug 2004 03:40:14 -0400 (EDT)
Received: by cz.mit.edu (Postfix, from userid 8042) id 468F8198021; Sat, 21 Aug 2004 03:40:30 -0400 (EDT)
To: rt@krbdev.mit.edu
Cc: krb5-prs@MIT.EDU
Subject: Re: [krbdev.mit.edu #2676] feature proposal - programmatic retrieval of password expiry
References: <rt-2676-11642.6.42800383716306@krbdev.mit.edu>
From: Sam Hartman <hartmans@mit.edu>
Date: Sat, 21 Aug 2004 03:40:30 -0400
In-Reply-To: <rt-2676-11642.6.42800383716306@krbdev.mit.edu> (Paul Moore's message of "Fri, 20 Aug 2004 21:09:09 -0400 (EDT)")
Message-Id: <tslisbdhrbl.fsf@cz.mit.edu>
User-Agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
RT-Send-Cc: 
X-RT-Original-Encoding: us-ascii
Content-Length: 602

>>>>> """ == " Paul Moore " via RT <rt-comment@krbdev.mit.edu> writes:

    "> Is this a useful feature. Would you like the diffs?


It sounds like a useful feature, but unfortunately not a useful API.
The problem is that things tend to get too cluttered if we keep adding
APIs like this to add one new argument.  krb5_mk_req_* is an example
of this gone badly.

The strategy we'd like to adopt is to add an extension mechanism to an
API whenever we find that the API is inadequate.  We've had some
internal discussions of how to do this for the gic API, but none have
been particularly satisfactory.