issue with krb5_prompter_posix() design

Nicolas Williams Nicolas.Williams at
Thu Apr 15 17:56:07 EDT 2010

On Thu, Apr 15, 2010 at 05:50:44PM -0400, Greg Hudson wrote:
> On Thu, 2010-04-15 at 17:03 -0400, Nicolas Williams wrote:
> > I'm not so sure.  On the one hand the conv/prompter function will know
> > how much memory to allocate, not the caller of the prompting function.
> > OTOH requiring the prompting function to free() memory allocated by the
> > prompter means that the application and the library must share the same
> > memory allocator
> Yes, but if krb5_prompter_posix() had been designed to allocate the
> memory, the caller would probably free it with krb5_free_data() (or
> krb5_free_data_contents(), perhaps), so the actual free would happen
> inside the library.

krb5_prompter_posix() is not a good example because it's effectively
demo code (useful demo code, I'll grant).  It's the prompters that
_don't_ come with MIT krb5 that matter.  Sundry pam_krb5 module
implementations are truly the main and most complicated consumers of the
krb5_gic prompter facility.  And much pain arises for any pam_krb5
developer from design problems in PAM and impedance mismatches between
PAM and the krb5_gic prompter.


More information about the krbdev mailing list