Project review: response sets

Nico Williams nico at cryptonector.com
Fri Jul 13 18:51:38 EDT 2012


On Fri, Jul 13, 2012 at 5:42 PM, Dmitri Pal <dpal at redhat.com> wrote:
>> It is a perfect opportunity to offset it to an intermediary like SSSD or
>> similar software for other platforms.
> Over time if some of those get standardized they can be moved to the
> common library under kerberos but for the time being it makes sense to
> leave it to the application to deal with.

I don't think we should conflate how to talk to a piece of hardware
with how to talk to the user.

I would rather see the application tell libkrb5/plugins how to access
available hardware (e.g., "use this PKCS#11 DLL", "use these callbacks
to talk to the token"), and to separate this from interaction with the
user.

If there are 5 tokens that can be accessed with three different
libraries I'd expect the app to use some gic_opt to tell the plugin
about the three libraries and let the plugin list the tokens.  Later
the plugin might want the user to choose a token.  The question and
response need not be anything more than strings, really, and the
plugin can use the selected token with the correct library.

Nico
--