pam_krb5 with PKINIT from Heimdal and MIT

Love Hörnquist Åstrand lha at
Tue Oct 10 12:27:13 EDT 2006

10 okt 2006 kl. 17.07 skrev Douglas E. Engert:

>> I think that also means that we need to have a way to provide
>> preauth-specific parameters to a plugin without defining
>> pkinit-specific things in krb5.h.
> OK, then generalize by having a krb5_get_init_creds_opt_set_plugin,
> instead, and pass it character string parameters, that could have been
> passed as options to pam_krb5 or found in krb5.conf.

Are things structure or just the name ? Heimdal PK-INIT api  just  
const char *(*) and int
int PK-INIT specific apis, nothing of the underlaying implementation  
is exposed.


krb5_error_code KRB5_LIB_FUNCTION
krb5_get_init_creds_opt_set_pkinit (
	krb5_context /*context*/,
	krb5_get_init_creds_opt */*opt*/,
	krb5_principal /*principal*/,
	const char */*user_id*/,
	const char */*x509_anchors*/,
	char * const * /*pool*/,
	char * const * /*pki_revoke*/,
	int /*flags*/,
	krb5_prompter_fct /*prompter*/,
	void */*prompter_data*/,
	char */*password*/);

More information about the krbdev mailing list