[Nicolas Williams <Nicolas.Williams@sun.com>] client-side pre-auth re-architecting

[Sam Hartman]

>>>>> "Ken" == Ken Hornstein <kenh at cmf.nrl.navy.mil> writes:

    >> - the as-reply should probably be passed, when available, to
    >> the pa_function
    >> 
    >> [hartmans] I remember saying this, but I thought I unsaid it
    >> later.  I am reluctant to have one preauth type reading another
    >> preauth type 's data.

    Ken> Hm, I can think of cases where it would be useful, actually
    Ken> (a preauth type that might have different behavior if you
    Ken> were doing hardware preauth, for example).

Which is exactly why I think it should not exist.  It might get used.


Instead, the hw auth preauth should store something in the context.

Of course that means that the working group needs to discuss preauth
ordering issues.