issue with krb5_prompter_posix() design

Russ Allbery rra at
Thu Apr 15 18:06:01 EDT 2010

Nicolas Williams <Nicolas.Williams at> writes:

> krb5_prompter_posix() is not a good example because it's effectively
> demo code (useful demo code, I'll grant).  It's the prompters that
> _don't_ come with MIT krb5 that matter.  Sundry pam_krb5 module
> implementations are truly the main and most complicated consumers of the
> krb5_gic prompter facility.  And much pain arises for any pam_krb5
> developer from design problems in PAM and impedance mismatches between
> PAM and the krb5_gic prompter.

Yes, I found handling memory allocation in the prompter glue in pam-krb5
quite tricky and it took several times through valgrind before I could be
reasonably sure that I got it right.  And I suspect there are still some
hidden problems.

Admittedly, I think most of that was the fault of the PAM interface, not
the Kerberos interface.  I found the Kerberos interface easier to deal
with than the PAM side, particularly given the well-known incompatibility
between Linux PAM and Solaris PAM prompt structures in pam_message that
requires complex and tricky memory allocation patterns to produce a
structure acceptable to both implementations.

Russ Allbery (rra at             <>
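The allocation pattern the message alludes to, as an added example that is not part of the original post and is not code from pam-krb5 or either PAM implementation. `struct msg_sketch` is a local stand-in for the two fields of `struct pam_message`, and all function names are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Local stand-in for struct pam_message so this builds without PAM headers. */
struct msg_sketch { int msg_style; const char *msg; };

/* Linux-PAM convention: msg is an array of pointers to structs. */
static const char *read_linux(struct msg_sketch **msg, size_t i) { return msg[i]->msg; }
/* Solaris convention: msg points to a pointer to an array of structs. */
static const char *read_solaris(struct msg_sketch **msg, size_t i) { return (*msg)[i].msg; }

/* Safe on a partially built set: unset text pointers are NULL from calloc. */
static void free_prompts(struct msg_sketch **msg, size_t n)
{
    size_t i;
    if (msg == NULL)
        return;
    for (i = 0; msg[0] != NULL && i < n; i++)
        free((char *) msg[0][i].msg);
    free(msg[0]);
    free(msg);
}

/* One contiguous struct array plus a pointer array whose slots all point
 * into it, so both indexing conventions reach the same element. */
static struct msg_sketch **build_prompts(const char *const *text, int style, size_t n)
{
    struct msg_sketch **msg;
    size_t i, len;
    char *copy;

    if (n == 0 || (msg = calloc(n, sizeof(*msg))) == NULL)
        return NULL;
    if ((msg[0] = calloc(n, sizeof(**msg))) == NULL) {
        free(msg);
        return NULL;
    }
    for (i = 0; i < n; i++) {
        len = strlen(text[i]) + 1;
        if ((copy = malloc(len)) == NULL) {
            free_prompts(msg, n);   /* releases the copies made so far */
            return NULL;
        }
        memcpy(copy, text[i], len);
        msg[i] = &msg[0][i];
        msg[i]->msg_style = style;
        msg[i]->msg = copy;
    }
    return msg;
}
```

Allocating each struct separately satisfies only the array-of-pointers reader: the other convention would walk past the first struct into unrelated heap memory.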

More information about the krbdev mailing list