Proposed krb5_get_init_creds_opt_set_pa

Douglas E. Engert deengert at anl.gov
Fri Dec 8 16:07:24 EST 2006


Kevin Coffman wrote:

> On 12/7/06, Sam Hartman <hartmans at mit.edu> wrote:
> 
>>At least initially I'd vote to keep things simple and if people are
>>happy with the names Kevin proposed, use them.  We can work on
>>registration rules with the initial understanding that MIT and Heimdal
>>implementers will be able to get FCFS registrations until something
>>more formal is worked out.
> 
> 
> I've updated my branch 

I don't see the updates. I got the original source using:
svn checkout svn://anonsvn.mit.edu/krb5/users/coffman/pkinit

svn update says it is still at revision 18935, and Dec 4 is
the most recent update.


> to implement the simplified interface for
> krb5_get_init_creds_set_pa()  (See below.)
> 

> I left in the heimdal compatibility function,
> krb5_get_init_creds_opt_set_pkinit(), for now.
> 
> I also updated kinit to take -X options (for lack of a better idea)
> and pass them along as preauth options as in Doug's suggestion.
> 
> So I am able to enter:
> kinit -X X509_user_identity=/tmp/x509up_u20010,/tmp/x509up_u20010 \
>     -X X509_anchors=/etc/grid-security/certificates  kwc at REALM
> 
> Note that this branch also includes the code to extend the
> get_init_creds_opt structure.
> 
> ----------------------------------------------------------------------------------------------------
> 
> /* Generic preauth option attribute/value pairs */
> typedef struct _krb5_gic_opt_pa_data {
>     char *attr;
>     char *value;
> } krb5_gic_opt_pa_data;
> 
> /*
>  * This function allows the caller to supply options to preauth
>  * plugins.  Preauth plugin modules are given a chance to look
>  * at each option at the time this function is called in order
>  * to check the validity of the option.
>  * The 'opt' pointer supplied to this function must have been
>  * obtained using krb5_get_init_creds_opt_alloc()
>  */
> krb5_error_code KRB5_CALLCONV
> krb5_get_init_creds_opt_set_pa
>                 (krb5_context context,
>                 krb5_get_init_creds_opt *opt,
>                 const char *attr,
>                 const char *value);
> 
> /*
>  * This function allows a preauth plugin to obtain preauth
>  * options.  The preauth_data returned from this function
>  * should be freed by calling krb5_get_init_creds_opt_free_pa().
>  *
>  * The 'opt' pointer supplied to this function must have been
>  * obtained using krb5_get_init_creds_opt_alloc()
>  */
> krb5_error_code KRB5_CALLCONV
> krb5_get_init_creds_opt_get_pa
>                 (krb5_context context,
>                 krb5_get_init_creds_opt *opt,
>                 int *num_preauth_data,
>                 krb5_gic_opt_pa_data **preauth_data);
> 
> /*
>  * This function frees the preauth_data that was returned by
>  * krb5_get_init_creds_opt_get_pa().
>  */
> void KRB5_CALLCONV
> krb5_get_init_creds_opt_free_pa
>                 (krb5_context context,
>                  int num_preauth_data,
>                  krb5_gic_opt_pa_data *preauth_data);

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
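
An added example, not part of the original message or of the krb5 branch it discusses: a self-contained sketch of how a `kinit -X attr=value` argument could be split into the attr/value pairs the quoted struct holds, storing private copies so the caller's argv strings are never aliased. The `demo_*` names and the `demo_opt` container are hypothetical stand-ins for the opaque `krb5_get_init_creds_opt`; the sample arguments in the comment are the ones from the quoted kinit command.

```c
#include <stdlib.h>
#include <string.h>

/* Same shape as the krb5_gic_opt_pa_data struct quoted above. */
typedef struct { char *attr; char *value; } pa_data;
/* Hypothetical stand-in for the opaque options structure. */
typedef struct { int n; pa_data *pa; } demo_opt;

static char *dup_n(const char *s, size_t n)
{
    char *p = malloc(n + 1);
    if (p != NULL) { memcpy(p, s, n); p[n] = '\0'; }
    return p;
}

/* Split "attr=value" at the FIRST '=' so values may themselves contain
 * '=' or ',' (e.g. "X509_user_identity=/tmp/x509up_u20010,/tmp/x509up_u20010").
 * Returns 0 on success, -1 on malformed input or allocation failure. */
int demo_set_pa_from_arg(demo_opt *opt, const char *arg)
{
    const char *eq = strchr(arg, '=');
    if (eq == NULL || eq == arg)      /* no '=' or empty attribute name */
        return -1;
    char *attr = dup_n(arg, (size_t)(eq - arg));
    char *value = dup_n(eq + 1, strlen(eq + 1));
    pa_data *grown = NULL;
    if (attr != NULL && value != NULL)
        grown = realloc(opt->pa, ((size_t)opt->n + 1) * sizeof(*grown));
    if (grown == NULL) { free(attr); free(value); return -1; }
    opt->pa = grown;
    opt->pa[opt->n].attr = attr;
    opt->pa[opt->n].value = value;
    opt->n++;
    return 0;
}

/* Return the stored value for an attribute, or NULL if it was never set. */
const char *demo_find_pa(const demo_opt *opt, const char *attr)
{
    for (int i = 0; i < opt->n; i++)
        if (strcmp(opt->pa[i].attr, attr) == 0)
            return opt->pa[i].value;
    return NULL;
}

/* Release every copied string and reset the container. */
void demo_free_opt(demo_opt *opt)
{
    for (int i = 0; i < opt->n; i++) { free(opt->pa[i].attr); free(opt->pa[i].value); }
    free(opt->pa);
    opt->pa = NULL;
    opt->n = 0;
}
```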


