issue with krb5_prompter_posix() design
Russ Allbery
rra at stanford.edu
Thu Apr 15 18:06:01 EDT 2010
Nicolas Williams <Nicolas.Williams at oracle.com> writes:
> krb5_prompter_posix() is not a good example because it's effectively
> demo code (useful demo code, I'll grant). It's the prompters that
> _don't_ come with MIT krb5 that matter. Sundry pam_krb5 module
> implementations are truly the main and most complicated consumers of the
> krb5_gic prompter facility. And much pain arises for any pam_krb5
> developer from design problems in PAM and impedance mismatches between
> PAM and the krb5_gic prompter.
Yes, I found handling memory allocation in the prompter glue in pam-krb5
quite tricky and it took several times through valgrind before I could be
reasonably sure that I got it right. And I suspect there are still some
hidden problems.
Admittedly, I think most of that was the fault of the PAM interface, not
the Kerberos interface. I found the Kerberos interface easier to deal
with than the PAM side, particularly given the well-known incompatibility
between Linux PAM and Solaris PAM prompt structures in pam_message that
requires complex and tricky memory allocation patterns to produce a
structure acceptable to both implementations.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the krbdev
mailing list