issue with krb5_prompter_posix() design
will.fiveash at oracle.com
Thu Apr 15 16:23:14 EDT 2010
While debugging some memory leaks relating to my pam_krb5 pkinit work I
noticed a discrepancy between the libkrb krb5_prompter_posix() which
requires callers to allocate the reply data buffer and standard PAM
conversation functions which allocate the reply data buffer and expect
the consumer of the reply data to free() it. Here is a description from
the Solaris Security for Developers Guide on how to write a proper PAM
Seems to me the PAM approach is better since it's acquiring the reply.
Anyway this is adding complication to the prompter bridge function I
wrote in pam_krb5 to allow preauth plug-ins like pkinit to prompt via a
PAM conversation function.
Note my new work e-mail address: will.fiveash at oracle.com
Sent using mutt, a sweet text based e-mail app: http://www.mutt.org/
More information about the krbdev