Authdata, preauth plugin headers

[Linus Nordberg]

Greg Hudson <ghudson at mit.edu> wrote
Thu, 09 Jun 2011 12:25:59 -0400:

| 2. Provide a way to get and set the cookie.  Not sure what constraints
| we want here to control the interaction of different plugins.  Linus,
| why do you need to set the cookie?  I don't see anything about it in the
| OTP draft.

It's needed in order to verify the nonce in a PA-OTP-CHALLENGE, in the
4-pass variant.  I think.