Proposal: krb5_get_init_creds_opt_set_change_password_prompt

Kevin Coffman kwc at
Tue Dec 5 09:30:16 EST 2006

On 12/4/06, Sam Hartman <hartmans at> wrote:
> >>>>> "Douglas" == Douglas E Engert <deengert at> writes:
>     Douglas> Kevin Coffman wrote:
>     >> Branch users/coffman/gic_opt_ext has my propoal for extending
>     >> the get_init_creds_opt structure and making use of it to pass
>     >> preauth options through the to preauth plugins.
>     >>
>     >> There is currently extra test code in kinit.c which does not
>     >> belong.  Hopefully it is obvious.  There is currently *not* a
>     >> compatibility function/macro to match Heimdal's
>     >> krb5_get_init_creds_opt_set_pkinit() function.
>     Douglas> Since PAM_KRB5 is a common source routine that needs to
>     Douglas> call krb5_get_init_creds_* it would be nice if both MIT
>     Douglas> and Heimdal used the same API....
> As I've said before, we cannot have a pkinit-specific entry point in
> libkrb5 for licensing reasons.

Now I'm a bit confused.  Is it "pkinit-specific" you're opposed to, or
the licensing issue of OpenSSL?  I don't understand how having an
entry point like this in libkrb5 ties it to the OpenSSL issue.

More information about the krbdev mailing list