Proposal: krb5_get_init_creds_opt_set_change_password_prompt

Douglas E. Engert deengert at
Tue Dec 5 10:19:51 EST 2006

Sam Hartman wrote:

>>>>>>"Douglas" == Douglas E Engert <deengert at> writes:
>     Douglas> Kevin Coffman wrote:
>     >> Branch users/coffman/gic_opt_ext has my propoal for extending
>     >> the get_init_creds_opt structure and making use of it to pass
>     >> preauth options through the to preauth plugins.
>     >> 
>     >> There is currently extra test code in kinit.c which does not
>     >> belong.  Hopefully it is obvious.  There is currently *not* a
>     >> compatibility function/macro to match Heimdal's
>     >> krb5_get_init_creds_opt_set_pkinit() function.
>     Douglas> Since PAM_KRB5 is a common source routine that needs to
>     Douglas> call krb5_get_init_creds_* it would be nice if both MIT
>     Douglas> and Heimdal used the same API....
> As I've said before, we cannot have a pkinit-specific entry point in
> libkrb5 for licensing reasons.

Well, if MIT can get PKINIT to work, without a special krb5_get_init_creds_opt_*
then maybe Heimdal can too. I would still like to see the same API,

> --Sam


  Douglas E. Engert  <DEEngert at>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

More information about the krbdev mailing list