pkinit preauth plugin issue
Sam Hartman
hartmans at MIT.EDU
Wed Feb 10 17:00:27 EST 2010
>>>>> "Will" == Will Fiveash <William.Fiveash at sun.com> writes:
Will> On Wed, Feb 10, 2010 at 03:12:57PM -0500, Sam Hartman wrote:
>> Ah, I see a bit of disconnect here. I'm asking for an API.
>> That's a bit tricky to do as the core library does not know about
>> the pkinit plugin. What we have is a way to pass text strings to
>> pkinit.
>>
>> I think what I'm asking for is a structured string that must
>> include a PIN and may optionally include location information.
Will> I'm thinking that could be done via
Will> krb5_get_init_creds_opt_set_pa() and related functions below
Will> it. pam_krb5 could call that and pass in a PIN option that is
Will> a structured string as you describe that would have the PIN
Will> string and optionally location info. The pkinit plugin would
Will> use this option if set instead of prompting for a PIN. Does
Will> that sound like a reasonable modification?
Yes.
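
Added example, not part of the original thread and not MIT krb5 or pkinit plugin code: a sketch of how the plugin side could validate the structured PIN option discussed above after it arrives as the value string of krb5_get_init_creds_opt_set_pa(). The wire format ("pin=" and "location=" fields separated by newlines) and the names pin_opt, parse_pin_opt, copy_field and wipe are assumptions made for illustration; the thread does not define a format.

```c
#include <stddef.h>
#include <string.h>
/* Hypothetical parsed form; the field sizes are assumptions. */
struct pin_opt { char pin[64]; char location[128]; };

/* Copy n bytes into dst as a C string; -1 if it does not fit. */
static int copy_field(char *dst, size_t cap, const char *src, size_t n)
{
    if (n >= cap)
        return -1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Wipe through a volatile pointer so the compiler keeps the stores. */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--)
        *v++ = 0;
}

/* Parse "pin=...[\nlocation=...]" (assumed format). Returns 0, or -1 (with *out
 * wiped) on a missing/empty PIN or a duplicate, unknown or oversized field. */
int parse_pin_opt(const char *value, struct pin_opt *out)
{
    int have_pin = 0, have_loc = 0;
    memset(out, 0, sizeof(*out));
    for (const char *p = value; *p != '\0'; ) {
        size_t len = strcspn(p, "\n");
        int rc = -1;
        if (len > 4 && !have_pin && strncmp(p, "pin=", 4) == 0) {
            rc = copy_field(out->pin, sizeof(out->pin), p + 4, len - 4);
            have_pin = 1;
        } else if (len >= 9 && !have_loc && strncmp(p, "location=", 9) == 0) {
            rc = copy_field(out->location, sizeof(out->location), p + 9, len - 9);
            have_loc = 1;
        }
        if (rc != 0)
            goto fail;
        p += len + (p[len] == '\n');
    }
    if (have_pin)
        return 0;
fail:
    wipe(out, sizeof(*out));
    return -1;
}
```

A caller such as pam_krb5 would build the string, pass it under whatever attribute name the plugin defines, and wipe its own copy afterwards; the plugin would fall back to prompting when the option is absent or fails to parse.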