pkinit preauth plugin issue

Nicolas Williams Nicolas.Williams at
Tue Feb 16 12:22:40 EST 2010

On Tue, Feb 16, 2010 at 05:16:31AM -0500, Sam Hartman wrote:
> The purpose of this list is to look at design and development of MIT
> Kerberos.  That Sun internal design discussion has interesting
> implications for MIT Kerberos: we need to provide a mechanism to feed a
> PIN into pkinit.  I think we've hashed those out and come to agreement.
> It happens that a lot of people here (including the two of us) disagree
> with what Sun proposes to do with their PAM module.  That's fine; we can
> bring that concern to Sun.

Sun isn't monolythic.  Sun engineers may disagree amongst themselves,
and your views may influence some of us.  There's also the fact that
Solaris' PAM is not the only PAM and that others may benefit from seeing
this discussion.  I agree that we've explored the problem at length and
can now take the Solaris-specific aspects of it off to a more
appropriate forum -- I just want to make clear that it has probably been
very useful to discuss some Solaris-specific issues here.


More information about the krbdev mailing list