Preauth plugin adding PA-FX-COOKIE

Alejandro Perez Mendez alex at
Tue May 17 03:14:49 EDT 2011

Hi Linux.

I cannot tell you how it is suppoused to be done, but I can tell you how 
I did it :). To create the PA-FX-COOKIE PADATA just include it in the 
e-data element of the KRB_ERROR message, as you will do to generate any 
other "custom" PADATA.


El 16/05/11 11:43, Linus Nordberg escribió:
> Hi,
> How can a preauth plugin affect the pa-data cookie being returned in a
> KRB-ERROR?  It looks like a cookie is unconditionally created and added
> by get_preauth_hint_list() after the edata_proc function (get_edata) for
> the plugin has been invoked.
> Adding a get_cookie method to krb5plugin_preauth_server_ftable_v1 or
> adding a krb5_pa_data *pa_cookie argument to edata_proc would be two
> possible solutions.
> Thanks,
> Linus
> _______________________________________________
> krbdev mailing list             krbdev at

More information about the krbdev mailing list