pam_krb5 with PKINIT from Heimdal and MIT
hartmans at MIT.EDU
Tue Oct 10 13:12:05 EDT 2006
>>>>> "Douglas" == Douglas E Engert <deengert at anl.gov> writes:
Douglas> Sam Hartman wrote:
>>>>>>> "Douglas" == Douglas E Engert <deengert at anl.gov> writes:
Douglas> o Since the Heimdal default it to compile in pkinit, or
Douglas> at least a stub for it, this pkinit code can be compiled
Douglas> into pam_krb5 by default. I would hope the MIT code would
Douglas> do something similar.
>> we can't do that. Pkinit really needs to be a plugin for gpl
Douglas> I understand. But what I am asking is what code can be in
Douglas> pam_krb5 to tell your libraries to load a plugin? The
Douglas> Heimdal code adds one extra routine,
Douglas> krb5_get_init_creds_opt_set_pkinit. With the MIT code if
Douglas> the plugin was not available a routine like this could
Douglas> return an error.
Well, we can't call it that. But I do think we can have a routine in
the main API for specifying options to a preauth plugin.
More information about the krbdev