Project review: response sets
Dmitri Pal
dpal at redhat.com
Fri Jul 13 17:40:15 EDT 2012
On 07/13/2012 05:34 PM, Nico Williams wrote:
> On Fri, Jul 13, 2012 at 4:05 PM, Nathaniel McCallum
> <npmccallum at redhat.com> wrote:
>> On Fri, 2012-07-13 at 15:48 -0500, Nico Williams wrote:
>>> I do think it follows that the pre-auth plugin should do the
>>> validation. I don't think it follows that we must use void * instead
>>> of char *.
>> In fact, it does. The "answer" is definitely non-trivial. It is NOT
>> simply a password. A typical reply looks like this (assuming a bunch of
>> relevant data is generated by the plugin and not the application):
>> 1. Which token was used. This is an index into the question array.
>> 2. The token (format validated)
>> 3. The pin
>> 4. Flags
> Excuse my ignorance, but why are flags necessary in the context of
> prompting the user? You don't mean that the application should be
s/should be/might be
> responsible for interfacing with hardware tokens plugged into token
> slots, do you?
Absolutely yes.
Application can be prompting the user or interacting with the hardware
directly.
SSSD is one of such applications. It can do the first and soon will be
able to do the second.
> Nico
> --
> _______________________________________________
> krbdev mailing list krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev
>
>
--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the krbdev
mailing list