issue with krb5_prompter_posix() design

[Will Fiveash]

While debugging some memory leaks relating to my pam_krb5 pkinit work I
noticed a discrepancy between the libkrb krb5_prompter_posix() which
requires callers to allocate the reply data buffer and standard PAM
conversation functions which allocate the reply data buffer and expect
the consumer of the reply data to free() it.  Here is a description from
the Solaris Security for Developers Guide on how to write a proper PAM
conversation function:
http://docs.sun.com/app/docs/doc/816-4863/emrbk?a=view

Seems to me the PAM approach is better since it's acquiring the reply.
Anyway this is adding complication to the prompter bridge function I
wrote in pam_krb5 to allow preauth plug-ins like pkinit to prompt via a
PAM conversation function.
-- 
Will Fiveash
Oracle
Note my new work e-mail address: will.fiveash at oracle.com
http://opensolaris.org/os/project/kerberos/
Sent using mutt, a sweet text based e-mail app: http://www.mutt.org/