API for setting preauth get_init_creds_options
Jeffrey Altman
jaltman at secure-endpoints.com
Tue Nov 21 11:05:16 EST 2006
Kevin Coffman wrote:
> krb5_error_code KRB5_CALLCONV
> krb5_get_init_creds_opt_set_pa(krb5_context context,
> krb5_get_init_creds_opt *opt,
> krb5_preauthtype preauth_type,
> krb5_principal principal,
> const char *user_id,
> const char *password,
> krb5_prompter_fct prompter,
> void *prompter_data,
> const char *attr,
> const char *value)
>
> Should "attr" and "value" be an array of attr/value pairs so we could
> accomplish setting several values like "x509_anchors", "pool",
> "pki_revoke" in one call?
>
> How should these be passed from the command line for kinit?
>
> BTW, for the plugins to make use of the krb5_get_init_creds_opt, they
> would have to know about the new extended structure, which I think is
> undesirable.
You probably want a krb5_get_init_creds_opt_get_pa() function that
allows a plugin to search for a particular attribute value without
needing to know anything about the internal structure.
Jeffrey Altman
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20061121/2bd2f36e/attachment.bin
More information about the krbdev
mailing list