Preauth plugin adding PA-FX-COOKIE

Sam Hartman hartmans at MIT.EDU
Fri May 20 10:55:16 EDT 2011

>>>>> "Linus" == Linus Nordberg <linus at> writes:

    Linus> Hi, How can a preauth plugin affect the pa-data cookie being
    Linus> returned in a KRB-ERROR?  It looks like a cookie is
    Linus> unconditionally created and added by get_preauth_hint_list()
    Linus> after the edata_proc function (get_edata) for the plugin has
    Linus> been invoked.

It can't.
We need to add some facility for managing cookies in the KDC.
If you'd be interested in chatting about a design I'd be delighted to


More information about the krbdev mailing list