prompter type question

Nicolas Williams Nicolas.Williams at
Wed Mar 24 11:25:20 EDT 2010

On Wed, Mar 24, 2010 at 07:26:12AM -0400, Greg Hudson wrote:
> Let me explain why I'm being so picky about specific use cases.  Numeric
> prompt types are a limited and poorly defined form of structured
> information.  If we ask for "a PIN," we can't say what device we want
> the PIN for, which means pam_krb5 can't really return a cached PIN
> without possibly giving us one for a different device (which we know can
> be harmful due to token lockout).  I do not want to create a soup of
> prompt types under different conceptions of what a prompt type means,
> only to find out later that they are inadequate for any productive
> purpose.

While that is true, the likelihood of having multiple tokens plugged in
on some seat's readers is very low.  But also, your argument only
furthers the argument for adding more prompt metadata.


More information about the krbdev mailing list