Proposal: krb5_get_init_creds_opt_set_change_password_prompt

Kevin Coffman kwc at citi.umich.edu
Thu Dec 7 11:46:56 EST 2006 

On 12/7/06, Love Hörnquist Åstrand <lha at kth.se> wrote:
> > It requires that we agree on attribute name equivalents to the
> > parameters supplied to krb5_get_init_creds_opt_set_pkinit().  I used
> > the following, but am open to discussion.
>
> is there any document on krb5_get_init_creds_opt_set_pa ?

Sorry.  It is a (proposed) generalized interface to supply options to
preauth plugins:


/* Generic preauth option attribute/value pairs */
typedef struct _krb5_gic_opt_pa_data {
    krb5_preauthtype pa_type;   /* pa_type this option applies to */
    char *attr;
    char *value;
} krb5_gic_opt_pa_data;

 /*
 * This function allows the caller to supply options to preauth
 * plugins.  Preauth plugin modules are given a chance to look
 * at the options at the time this function is called to check
 * the validity of its options.
 * The 'opt' pointer supplied to this function must have been
 * obtained using krb5_get_init_creds_opt_alloc()
 */
krb5_error_code KRB5_CALLCONV
krb5_get_init_creds_opt_set_pa(krb5_context context,
                               krb5_get_init_creds_opt *opt,
                               krb5_principal principal,
                               const char *password,
                               krb5_prompter_fct prompter,
                               void *prompter_data,
                               int num_preauth_data,
                               krb5_gic_opt_pa_data *preauth_data);


/*
 * This function allows a preauth plugin to obtain preauth
 * options. Only options which are applicable to the pa_types
 * which the plugin module claims to support (pa_types) are
 * returned.  The preauth_data returned from this function
 * should be freed by calling krb5_get_init_creds_opt_free_pa().
 * The 'opt' pointer supplied to this function must have been
 * obtained using krb5_get_init_creds_opt_alloc()
 */
krb5_error_code KRB5_CALLCONV
krb5_get_init_creds_opt_get_pa(krb5_context context,
                               krb5_get_init_creds_opt *opt,
                               int num_pa_types,
                               krb5_preauthtype *pa_types,
                               int *num_preauth_data,
                               krb5_gic_opt_pa_data **preauth_data);

/*
 * This function frees the preauth_data that was returned by
 * krb5_get_init_creds_opt_get_pa().
 */
void KRB5_CALLCONV
krb5_get_init_creds_opt_free_pa(krb5_context context,
                                int num_preauth_data,
                                krb5_gic_opt_pa_data *preauth_data);

More information about the krbdev mailing list