pkinit updates

Love Hörnquist Åstrand lha at
Tue Dec 19 13:18:21 EST 2006

19 dec 2006 kl. 18.39 skrev Russ Allbery:

> Douglas E Engert <deengert at> writes:
>> Jeffrey Hutzelman wrote:
>>> That depends on one's PAM module.  But currently, if one's PAM  
>>> module
>>> does not provide a way to specify the principal, then it must  
>>> infer it
>>> from PAM_USER.
>> Is now the time to get Russ to add a prompt for principal to his
>> pam? Its someting that has ben missing for years.
> I can certainly add that as an option if anyone wants it.  I'm  
> guessing
> that one wouldn't want to prompt by default, and I'd need some help
> understanding the desired semantics and use case.

Plain uses don't want a principal or username prompt, they want to
insert the SC and enter their pin and be logged in as themself.

Admins on the other hand...


More information about the krbdev mailing list