pkinit updates
Douglas E. Engert
deengert at anl.gov
Wed Dec 20 12:00:19 EST 2006
Love Hörnquist Åstrand wrote:
> On 19 Dec 2006, at 18:39, Russ Allbery wrote:
>
>
>>Douglas E Engert <deengert at anl.gov> writes:
>>
>>>Jeffrey Hutzelman wrote:
>>
>>>>That depends on one's PAM module. But currently, if one's PAM module
>>>>does not provide a way to specify the principal, then it must infer it
>>>>from PAM_USER.
>>
>>>Is now the time to get Russ to add a prompt for principal to his
>>>pam? It's something that has been missing for years.
>>
>>I can certainly add that as an option if anyone wants it. I'm guessing
>>that one wouldn't want to prompt by default, and I'd need some help
>>understanding the desired semantics and use case.
>
>
> Plain users don't want a principal or username prompt, they want to
> insert the SC and enter their pin and be logged in as themself.
>
True, but this is not always possible. If the SAN does not have the
principal, it could be possible to use the same cert with different
principals in the same realm.
> Admins on the other hand...
>
> Love
>
>
> _______________________________________________
> krbdev mailing list krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev
>
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444