Project review: response sets

Nico Williams nico at
Fri Jul 13 17:34:06 EDT 2012

On Fri, Jul 13, 2012 at 4:05 PM, Nathaniel McCallum
<npmccallum at> wrote:
> On Fri, 2012-07-13 at 15:48 -0500, Nico Williams wrote:
>> I do think it follows that the pre-auth plugin should do the
>> validation.  I don't think it follows that we must use void * instead
>> of char *.
> In fact, it does. The "answer" is definitely non-trivial. It is NOT
> simply a password. A typical reply looks like this (assuming a bunch of
> relevant data is generated by the plugin and not the application):
> 1. Which token was used. This is an index into the question array.
> 2. The token (format validated)
> 3. The pin
> 4. Flags

Excuse my ignorance, but why are flags necessary in the context of
prompting the user?  You don't mean that the application should be
responsible for interfacing with hardware tokens plugged into token
slots, do you?


More information about the krbdev mailing list