Maintain a global cache of ACL verifiers in Wallet::ACL and reuse them

over the life of the process if we see another ACL line from the same scheme, rather than only reusing ACL verifiers within a single ACL.
author: Russ Allbery <rra@stanford.edu> 2007-12-05 01:22:53 +0000
committer: Russ Allbery <rra@stanford.edu> 2007-12-05 01:22:53 +0000
commit: 71aceb8dade53339429ab11fc318e5c67c9cc791 (patch)
tree: ab87d94d444be44c6cad994da3d26f9fc8cd8d3c /TODO
parent: c0c34051887d08a94221f9cbc2b74fbfad34c22c (diff)
1 files changed, 0 insertions, 9 deletions
diff --git a/TODO b/TODO
index fd8bf60..44ffb15 100644
--- a/TODO
+++ b/TODO
@@ -43,9 +43,6 @@ Release 1.0:
 * Log failures in the wallet-backend properly, which also requires
   catching all exceptions.
 
-* Implement default ACL policy to allow dynamic object creation on first
-  request for keytabs.
-
 * Implement special handling for keytabs in the wallet client.
 
 * Add support to the wallet client for getting Kerberos tickets, using the
@@ -170,9 +167,3 @@ May or may not be good ideas:
 
 * Remove the hard-coded ADMIN ACL in the server with something more
   configurable, perhaps a global ACL table or something.
-
-* The ACL implementation is currently rather inefficient for ACL
-  verifiers that need to maintain state (such as LDAP binds).  Now
-  they're created and destroyed when verifying each ACL.  It may be useful
-  to somehow return global verifiers, probably through a factory
-  implementation.  On the other hand, performance may not be worth it.
author	Russ Allbery <rra@stanford.edu>	2007-12-05 01:22:53 +0000
committer	Russ Allbery <rra@stanford.edu>	2007-12-05 01:22:53 +0000
commit	71aceb8dade53339429ab11fc318e5c67c9cc791 (patch)
tree	ab87d94d444be44c6cad994da3d26f9fc8cd8d3c /TODO
parent	c0c34051887d08a94221f9cbc2b74fbfad34c22c (diff)