adding support to pkinit plugin for a PIN option?
Will Fiveash
will.fiveash at oracle.com
Tue May 13 19:52:34 EDT 2014
I would like to add support to the pkinit preauth plugin to support a
PIN option in the pkinit_identity_opts. This would allow the Solaris
pam_krb5 to support PKINIT preauth by providing an interface it can use
to pass the PIN to the pkinit preauth plugin via:
krb5_get_init_creds_opt_set_pa(kcontext, opts, "PIN", *krb5_pass);
If the PIN option is set this way, the pkinit preauth plugin wouldn't
prompt the user for their PIN and would just use the PIN option. This
allows pam_krb5 to use PAM compatible prompting to acquire the PIN.
I can submit changes for this as a pull request if that seems
reasonable. Thoughts?
--
Will Fiveash
Oracle Solaris Software Engineer
More information about the krbdev
mailing list