Proposal: krb5_get_init_creds_opt_set_change_password_prompt

Jeffrey Altman jaltman at
Thu Dec 7 13:27:22 EST 2006

Kevin Coffman wrote:
> On 12/7/06, Sam Hartman <hartmans at> wrote:
>> Wait, why does krb5_get_init_creds_opt_set_pa take things like a
>> password and principal and etc.  I don't understand why it takes more
>> than a patype, attribute and value?
> Because they were needed to emulate
> krb5_get_init_creds_opt_set_pkinit() which looks like:
> krb5_error_code KRB5_LIB_FUNCTION
> krb5_get_init_creds_opt_set_pkinit(krb5_context context,
>                                   krb5_get_init_creds_opt *opt,
>                                   krb5_principal principal,
>                                   const char *user_id,
>                                   const char *x509_anchors,
>                                   char * const * pool,
>                                   char * const * pki_revoke,
>                                   int flags,
>                                   krb5_prompter_fct prompter,
>                                   void *prompter_data,
>                                   char *password);
> I assumed that the plugin may have to prompt for the PIN.  I think
> Heimdal allows getting a password from a file.

I would think that each of those items would become attributes.

krb5_get_init_creds_opt_set_pkinit() would make multiple calls
to krb5_get_init_creds_opt_set_pa() with each of the required
attribute/value pairs.

Jeffrey Altman

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url :

More information about the krbdev mailing list