Proposal: krb5_get_init_creds_opt_set_change_password_prompt

Kevin Coffman kwc at
Thu Dec 7 13:17:01 EST 2006

On 12/7/06, Sam Hartman <hartmans at> wrote:
> Wait, why does krb5_get_init_creds_opt_set_pa take things like a
> password and principal and etc.  I don't understand why it takes more
> than a patype, attribute and value?

Because they were needed to emulate
krb5_get_init_creds_opt_set_pkinit() which looks like:

krb5_error_code KRB5_LIB_FUNCTION
krb5_get_init_creds_opt_set_pkinit(krb5_context context,
                                   krb5_get_init_creds_opt *opt,
                                   krb5_principal principal,
                                   const char *user_id,
                                   const char *x509_anchors,
                                   char * const * pool,
                                   char * const * pki_revoke,
                                   int flags,
                                   krb5_prompter_fct prompter,
                                   void *prompter_data,
                                   char *password);

I assumed that the plugin may have to prompt for the PIN.  I think
Heimdal allows getting a password from a file.

More information about the krbdev mailing list