[krbdev.mit.edu #1278] No prompter interface for krb5_get_init_creds_keytab

Sam Hartman via RT rt-comment at krbdev.mit.edu
Thu Dec 19 00:55:06 EST 2002


So, note that there are two sides to the interaction.  I think the
current interface correctly handles the case where you want the
preauth mechanism to interact with a user using an
application-supplied prompter function.

This is mechanism-independent and similar to PAM conversation functions.

Ken pointed out that we have no way of setting this up while using a
keytab to get a long-term key.  I agree that this functionality should
be offered and agreed to accept the functionality if code is
committed.  

I disagree that Ken's use of the keytab interface for the hw-auth
draft is appropriate but don't believe he plans to give us that code,
so I'm not sure it matters.


None of this speaks to a related problem which is how we get preauth
mechanism specific data from an application or hardware device to that
mechanism.  The current prompter interface is clearly appropriate (as
are things like PAM conversation functions within the PAM framework).
It sounds like Richard is addressing that problem rather than the user
interaction problem.





