[krbdev.mit.edu #7680] git commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Thu Jul 18 00:58:57 EDT 2013
Support PKINIT NSS deferred identity prompting
The password callback which we usually supply to NSS already gets a
pointer to the pkinit_identity_crypto_context structure, but it needs to
be passed the name of the identity for which it's being called.
If it gets a name, and it's deferring prompting, just add the identity
to the list of deferred identity prompts (the password callback wouldn't
have been called if its result wasn't needed), and either return NULL
(as an indication that we couldn't get a password) or an empty string (a
value which we know is invalid) if that's handier.
Otherwise, check for a password that's been stashed for its use for that
identity, and return a copy of it if one's found. If none of that
works, try to use the prompter callback to ask for the password.
https://github.com/krb5/krb5/commit/c5bf0caa8abf2b931f5ad258463d706d3cfd5f5b
Author: Nalin Dahyabhai <nalin at dahyabhai.net>
Committer: Greg Hudson <ghudson at mit.edu>
Commit: c5bf0caa8abf2b931f5ad258463d706d3cfd5f5b
Branch: master
src/plugins/preauth/pkinit/pkinit_crypto_nss.c | 312 +++++++++++++++++++-----
1 files changed, 252 insertions(+), 60 deletions(-)
More information about the krb5-bugs
mailing list