issue with krb5_prompter_posix() design

Greg Hudson ghudson at MIT.EDU
Thu Apr 15 16:27:47 EDT 2010

On Thu, 2010-04-15 at 16:23 -0400, Will Fiveash wrote:
> Seems to me the PAM approach is better since it's acquiring the reply.
> Anyway this is adding complication to the prompter bridge function I
> wrote in pam_krb5 to allow preauth plug-ins like pkinit to prompt via a
> PAM conversation function.

I agree that the PAM approach is better, but since this is a public
interface, I don't see any way of getting from here to there without
more pain than the benefit justifies.

(Barring some kind of generalized krb5 API revamp, anyway--not a venture
I'm prepared to charge ahead on while there are so many internals to
clean up.)

More information about the krbdev mailing list