Project review: response sets

Nathaniel McCallum npmccallum at
Fri Jul 13 10:39:16 EDT 2012

On Thu, 2012-07-12 at 18:45 -0400, Greg Hudson wrote:
> If we want more commonality and less glue code here, we could either try
> to make response sets more like cred stores or we could do the reverse.
>  I think making response sets more like cred stores would probably make
> more sense.  Specifically:
> * Response item keys become URIs.

No problem.

> * Instead of arbitrary contracts, response items have question blobs and
> answer blobs.
> * Answer blobs can be pushed by the caller without having to provide a
> responder callback, via a generalization of krb5_get_init_creds_password.

I don't like either of these for one important reason: the responder
interface as it stands can specify callback functions to validate the
input data. In OTP for instance we definitely want to validate the data
provided and provide intelligent errors for the UI.


More information about the krbdev mailing list