a suggestion for improving pkinit preauth plugin token choosing
Douglas E. Engert
deengert at anl.gov
Wed May 12 10:59:55 EDT 2010
Sam Hartman wrote:
> I actually agree with henry that "please insert a token," should be out
> of scope for preauth plugins.
> My rationale is that the current prompter interface is kind of weak when
> it interacts with GUIs etc, and the more we can avoid using it, the
> better.
>
> For example, what should that prompt read? "Press enter," may be right
> for a CLI instance, but will be wrongish for gdm.
>
> I suspect Henry and I may be in the rough on this point.
I play a lot from the rough, and I agree with both of you.
Its the current PAM architecture that is weak. Pam needs a better front
end to give the user some choices, and a better way to propagate those
choices to the individual PAM modules.
> _______________________________________________
> krbdev mailing list krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev
>
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the krbdev
mailing list