pkinit preauth plugin issue
Jeffrey Hutzelman
jhutz at cmu.edu
Sun Feb 14 12:13:32 EST 2010
--On Wednesday, February 10, 2010 01:51:36 PM -0600 Will Fiveash
<William.Fiveash at sun.com> wrote:
> The problem I'm dealing with is that pam_krb5 when configured to use
> PKINIT may find PAM_AUTHTOK set and if that is the case I was informed*
> that pam_krb5 should assume that is the PIN and pass that to the pkinit
> preauth plugin.
That sounds like a really bad idea, for the same reason -- conflating PIN's
and passwords is a recipe for lockouts.
-- Jeff
More information about the krbdev
mailing list