Project review: response sets

Dmitri Pal dpal at redhat.com
Fri Jul 13 18:25:32 EDT 2012


On 07/13/2012 05:57 PM, Nico Williams wrote:
> On Fri, Jul 13, 2012 at 4:40 PM, Dmitri Pal <dpal at redhat.com> wrote:
>>> Excuse my ignorance, but why are flags necessary in the context of
>>> prompting the user?  You don't mean that the application should be
>> s/should be/might be
>>> responsible for interfacing with hardware tokens plugged into token
>>> slots, do you?
>> Absolutely yes.
>> The application can be prompting the user or interacting with the hardware
>> directly.
>> SSSD is one such application. It can do the first and soon will be
>> able to do the second.
> I understand why the application has to be the one interacting with
> the user.  I don't understand why the application has to be the thing
> interacting with the hardware token.  What am I missing?
>
Who is going to interact with the connected OTP token or a token
embedded into the hardware like TPM?
Do you expect it to be the code under the Kerberos library?
Those interactions are usually hardware and vendor specific.
I do not think we want to embed it into the Kerberos library.
It is a perfect opportunity to offset it to an intermediary like SSSD or
similar software for other platforms.


> Nico
> --
> _______________________________________________
> krbdev mailing list             krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev
>
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

