prompter type question

Greg Hudson ghudson at MIT.EDU
Mon Mar 22 18:13:51 EDT 2010 

On Mon, 2010-03-22 at 16:57 -0400, Nicolas Williams wrote:
> We need to hear from the maintainers, please.

Sorry, things have been busy, and this isn't an issue I can just dash
off a reply to.  Here are my notes after looking through the code and
rereading the thread:

* The prompters in the krb5 tree (prompter_posix, KIM, KfW) either don't
care about the prompt type at all, or only care whether it's a password
prompt.  (KIM wants to save the password in some cases, while KfW treats
an empty password as a cancellation request by the user).

* As usual, with no API docs, we're stuck trying to guess at our
compatibility guarantees.  Would third-party prompter invocations get
confused by prompter types which didn't exist before?  If so, is it
their fault or ours?

* Warning messages are currently displayed by invoking the prompter with
a banner value and no prompts--which means there is no associated prompt
type.  So a prompt type for warning messages is probably unnecessary.

* A prompt type for error messages doesn't make sense to me; I would
expect plugins to just return an error code and possibly use
krb5_set_error_message() to better explain it, rather than invoking the
prompter to display an error message.

* Before we get into enumerating all of the possible bits of information
a preauth mechanism might need to retrieve, I'd want to think a bit
about what we are trying to enable prompters to do with that
information, whether it's okay to keep expanding the set as time goes
on, and whether we envision using this interface to retrieve non-textual
input such as biometric data.

* If we decide it's okay to expand the set of prompt types now, we can
presumably do so again later--that is, we don't have to add prompt types
no one has expressed a need for just to avoid adding more later.
Following that argument, a conservative option is to add a prompt type
for requesting only a continue/cancel indication, and no actual data.
That would allow a GUI prompt for "insert token" to avoid having a
pointless (and misleading) text entry field.

To summarize my position:

* I am okay with using KRB5_PROMPT_TYPE_PREAUTH as Sam suggests.

* I can see value in adding KRB5_PROMPT_TYPE_CONTINUE if no one thinks
it is likely to create compatibility issues.

* I am reluctant to add a bunch of new prompt types just because we
happen to be touching the list and want it to be more complete.

More information about the krbdev mailing list