Douglas E. Engert
deengert at anl.gov
Wed Dec 20 12:00:19 EST 2006
Love Hörnquist Åstrand wrote:
> 19 dec 2006 kl. 18.39 skrev Russ Allbery:
>>Douglas E Engert <deengert at anl.gov> writes:
>>>Jeffrey Hutzelman wrote:
>>>>That depends on one's PAM module. But currently, if one's PAM
>>>>does not provide a way to specify the principal, then it must
>>>Is now the time to get Russ to add a prompt for principal to his
>>>pam? Its someting that has ben missing for years.
>>I can certainly add that as an option if anyone wants it. I'm
>>that one wouldn't want to prompt by default, and I'd need some help
>>understanding the desired semantics and use case.
> Plain uses don't want a principal or username prompt, they want to
> insert the SC and enter their pin and be logged in as themself.
True, but this is not always possible. If the SAN does not have the
princapal, it could be possible to use the same cert with different
principals in the same realm.
> Admins on the other hand...
> krbdev mailing list krbdev at mit.edu
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
More information about the krbdev