Pkinit & Client side errors

Nebergall, Christopher cneberg at
Mon May 21 16:57:17 EDT 2007

Hmm, at the very least I think it should show an error mentioning that
the PIN was the problem. People would at least want to know that they
one step closer to getting their cards locked.  Or if it is locked,
maybe a message stating that it is locked.  Beyond that, I'm not sure,
maybe one additional chance which they can cntrl-C out of? Or would that
cause too much trouble?

-----Original Message-----
From: Jim Rees [mailto:rees at] 
Sent: Monday, May 21, 2007 2:39 PM
To: Nebergall, Christopher
Cc: krbdev at; pkinit at
Subject: Re: Pkinit & Client side errors

Nebergall, Christopher wrote:

  If I get my PIN wrong to my smart card, it just continues and asks for
  static password next.  It doesn't give an error saying the PIN was
  or give me a chance to retry.  

What would make more sense, giving an error message that says the PIN is
wrong and then exit, or keep prompting until you run out of attempts?
I'll see if there is a way to reliably get the retry count from the

More information about the krbdev mailing list