a suggestion for improving pkinit preauth plugin token choosing

Douglas E. Engert deengert at anl.gov
Wed May 12 10:59:55 EDT 2010

Sam Hartman wrote:
> I actually agree with henry that "please insert a token," should be out
> of scope for preauth plugins.
> My rationale is that the current prompter interface is kind of weak when
> it interacts with GUIs etc, and the more we can avoid using it, the
> better.
> For example, what should that prompt read? "Press enter," may be right
> for a CLI instance, but will be wrongish for gdm.
> I suspect Henry and I may be in the rough on this point.

I play a lot from the rough, and I agree with both of you.

Its the current PAM architecture that is weak. Pam needs a better front
end to give the user some choices, and a better way to propagate those
choices to the individual PAM modules.

> _______________________________________________
> krbdev mailing list             krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev


  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

More information about the krbdev mailing list