API for setting preauth get_init_creds_options

Jeffrey Altman jaltman at secure-endpoints.com
Tue Nov 21 11:05:16 EST 2006

Kevin Coffman wrote:

> krb5_error_code KRB5_CALLCONV
> krb5_get_init_creds_opt_set_pa(krb5_context context,
>                                krb5_get_init_creds_opt *opt,
>                                krb5_preauthtype preauth_type,
>                                krb5_principal principal,
>                                const char *user_id,
>                                const char *password,
>                                krb5_prompter_fct prompter,
>                                void *prompter_data,
>                                const char *attr,
>                                const char *value)
> Should "attr" and "value" be an array of attr/value pairs so we could
> accomplish setting several values like "x509_anchors", "pool",
> "pki_revoke" in one call?
> How should these be passed from the command line for kinit?
> BTW, for the plugins to make use of the krb5_get_init_creds_opt, they
> would have to know about the new extended structure, which I think is
> undesirable.

You probably want a krb5_get_init_creds_opt_get_pa() function that
allows a plugin to search for a particular attribute value without
needing to know anything about the internal structure.

Jeffrey Altman
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20061121/2bd2f36e/attachment.bin

More information about the krbdev mailing list