Pkinit & Client side errors
Nebergall, Christopher
cneberg at sandia.gov
Mon May 21 16:57:17 EDT 2007
Hmm, at the very least I think it should show an error mentioning that
the PIN was the problem. People would at least want to know that they
one step closer to getting their cards locked. Or if it is locked,
maybe a message stating that it is locked. Beyond that, I'm not sure,
maybe one additional chance which they can cntrl-C out of? Or would that
cause too much trouble?
-Christopher
-----Original Message-----
From: Jim Rees [mailto:rees at umich.edu]
Sent: Monday, May 21, 2007 2:39 PM
To: Nebergall, Christopher
Cc: krbdev at mit.edu; pkinit at citi.umich.edu
Subject: Re: Pkinit & Client side errors
Nebergall, Christopher wrote:
If I get my PIN wrong to my smart card, it just continues and asks for
a
static password next. It doesn't give an error saying the PIN was
wrong
or give me a chance to retry.
What would make more sense, giving an error message that says the PIN is
wrong and then exit, or keep prompting until you run out of attempts?
I'll see if there is a way to reliably get the retry count from the
card.
More information about the krbdev
mailing list