Preauth plugin adding PA-FX-COOKIE

Linus Nordberg linus at
Mon May 16 05:43:40 EDT 2011


How can a preauth plugin affect the pa-data cookie being returned in a
KRB-ERROR?  It looks like a cookie is unconditionally created and added
by get_preauth_hint_list() after the edata_proc function (get_edata) for
the plugin has been invoked.

Adding a get_cookie method to krb5plugin_preauth_server_ftable_v1 or
adding a krb5_pa_data *pa_cookie argument to edata_proc would be two
possible solutions.


More information about the krbdev mailing list