Project review: response sets

Dmitri Pal dpal at
Fri Jul 13 17:40:15 EDT 2012

On 07/13/2012 05:34 PM, Nico Williams wrote:
> On Fri, Jul 13, 2012 at 4:05 PM, Nathaniel McCallum
> <npmccallum at> wrote:
>> On Fri, 2012-07-13 at 15:48 -0500, Nico Williams wrote:
>>> I do think it follows that the pre-auth plugin should do the
>>> validation.  I don't think it follows that we must use void * instead
>>> of char *.
>> In fact, it does. The "answer" is definitely non-trivial. It is NOT
>> simply a password. A typical reply looks like this (assuming a bunch of
>> relevant data is generated by the plugin and not the application):
>> 1. Which token was used. This is an index into the question array.
>> 2. The token (format validated)
>> 3. The pin
>> 4. Flags
> Excuse my ignorance, but why are flags necessary in the context of
> prompting the user?  You don't mean that the application should be
s/should be/might be
> responsible for interfacing with hardware tokens plugged into token
> slots, do you?

Absolutely yes.
Application can be prompting the user or interacting with the hardware
SSSD is one of such applications. It can do the first and soon will be
able to do the second.

> Nico
> --
> _______________________________________________
> krbdev mailing list             krbdev at

Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

Looking to carve out IT costs?

More information about the krbdev mailing list