issue with preauth processing

Nicolas Williams Nicolas.Williams at
Mon Oct 26 14:44:18 EDT 2009

On Mon, Oct 26, 2009 at 02:39:26PM -0400, Sam Hartman wrote:
> >>>>> "Will" == Will Fiveash <William.Fiveash at> writes:
>     Will> But consider pam_krb5 and prompting.  There may be
>     Will> situations where pam_krb5 wants to restrict libkrb and it's
>     Will> preauth plugins to only PKINIT and it's associated prompts.
>     Will> How can that be done?
> I don't think we have an API for that today.  (I'm also not entirely
> convinced that libpam-krb5 should do this.)  I do think such an API
> would be reasonable in some cases--for example the s4u case.

Sam, I think pam_krb5 should be doing something else, yes, but, in
Solaris we have other constraints that prevent us from doing something


More information about the krbdev mailing list