From 71aceb8dade53339429ab11fc318e5c67c9cc791 Mon Sep 17 00:00:00 2001
From: Russ Allbery <rra@stanford.edu>
Date: Wed, 5 Dec 2007 01:22:53 +0000
Subject: Maintain a global cache of ACL verifiers in Wallet::ACL and reuse
 them over the life of the process if we see another ACL line from the same
 scheme, rather than only reusing ACL verifiers within a single ACL.

---
 TODO | 9 ---------
 1 file changed, 9 deletions(-)

(limited to 'TODO')

diff --git a/TODO b/TODO
index fd8bf60..44ffb15 100644
--- a/TODO
+++ b/TODO
@@ -43,9 +43,6 @@ Release 1.0:
 * Log failures in the wallet-backend properly, which also requires
   catching all exceptions.
 
-* Implement default ACL policy to allow dynamic object creation on first
-  request for keytabs.
-
 * Implement special handling for keytabs in the wallet client.
 
 * Add support to the wallet client for getting Kerberos tickets, using the
@@ -170,9 +167,3 @@ May or may not be good ideas:
 
 * Remove the hard-coded ADMIN ACL in the server with something more
   configurable, perhaps a global ACL table or something.
-
-* The ACL implementation is currently rather inefficient for ACL
-  verifiers that need to maintain state (such as LDAP binds).  Now
-  they're created and destroyed when verifying each ACL.  It may be useful
-  to somehow return global verifiers, probably through a factory
-  implementation.  On the other hand, performance may not be worth it.
-- 
cgit v1.2.3