Proposal: krb5_get_init_creds_opt_set_change_password_prompt
Kevin Coffman
kwc at citi.umich.edu
Mon Dec 4 18:36:49 EST 2006
Branch users/coffman/gic_opt_ext has my propoal for extending the
get_init_creds_opt structure and making use of it to pass preauth
options through the to preauth plugins.
There is currently extra test code in kinit.c which does not belong.
Hopefully it is obvious. There is currently *not* a compatibility
function/macro to match Heimdal's krb5_get_init_creds_opt_set_pkinit()
function.
Comments please.
On 11/20/06, Jeffrey Altman <jaltman at secure-endpoints.com> wrote:
> Kevin Coffman wrote:
> > The attached patch does not really do any real extensions yet, but the
> > plumbing is here. I didn't change KFW_kinit() in
> > src/windows/kfwlogon/kfwcommon.c because I wasn't sure how to handle
> > this pkrb5_ stuff. (Jeffrey is this as straight-forward as the rest
> > of the changes?)
>
> Don't worry about windows/cns or windows/kfwlogon. It can be updated
> when there is a need to do so. windows/cns has not been touched in years.
>
> > Does this look reasonable?
>
> I would not put assert() calls into libraries. If
> krb5_gic_opt_is_extended() fails, the calling function should return an
> error to the caller. We don't want to cause the application to
> terminate unexpectedly.
>
> Remember to update the Windows export list: src/lib/krb5_32.def
>
> Other than that, looks reasonable.
>
> Jeffrey Altman
More information about the krbdev
mailing list