Proposal: krb5_get_init_creds_opt_set_change_password_prompt
Douglas E. Engert
deengert at anl.gov
Thu Dec 7 11:59:08 EST 2006
If you take out the pa_type, then you would have the
-pp option I was talking about, and I would suspect get
around Sam's objections about OpenSSL/pkinit specifics.
I suppose the -pp could have the pa_data type too.
Kevin Coffman wrote:
> On 12/7/06, Love Hörnquist Åstrand <lha at kth.se> wrote:
>
>>>It requires that we agree on attribute name equivalents to the
>>>parameters supplied to krb5_get_init_creds_opt_set_pkinit(). I used
>>>the following, but am open to discussion.
>>
>>is there any document on krb5_get_init_creds_opt_set_pa ?
>
>
> Sorry. It is a (proposed) generalized interface to supply options to
> preauth plugins:
>
>
> /* Generic preauth option attribute/value pairs */
> typedef struct _krb5_gic_opt_pa_data {
>     krb5_preauthtype pa_type; /* pa_type this option applies to */
>     char *attr;
>     char *value;
> } krb5_gic_opt_pa_data;
>
> /*
> * This function allows the caller to supply options to preauth
> * plugins. Preauth plugin modules are given a chance to look
> * at the options at the time this function is called to check
> * the validity of its options.
> * The 'opt' pointer supplied to this function must have been
> * obtained using krb5_get_init_creds_opt_alloc()
> */
> krb5_error_code KRB5_CALLCONV
> krb5_get_init_creds_opt_set_pa(krb5_context context,
>                                krb5_get_init_creds_opt *opt,
>                                krb5_principal principal,
>                                const char *password,
>                                krb5_prompter_fct prompter,
>                                void *prompter_data,
>                                int num_preauth_data,
>                                krb5_gic_opt_pa_data *preauth_data);
>
>
> /*
> * This function allows a preauth plugin to obtain preauth
> * options. Only options which are applicable to the pa_types
> * which the plugin module claims to support (pa_types) are
> * returned. The preauth_data returned from this function
> * should be freed by calling krb5_get_init_creds_opt_free_pa().
> * The 'opt' pointer supplied to this function must have been
> * obtained using krb5_get_init_creds_opt_alloc()
> */
> krb5_error_code KRB5_CALLCONV
> krb5_get_init_creds_opt_get_pa(krb5_context context,
>                                krb5_get_init_creds_opt *opt,
>                                int num_pa_types,
>                                krb5_preauthtype *pa_types,
>                                int *num_preauth_data,
>                                krb5_gic_opt_pa_data **preauth_data);
>
> /*
> * This function frees the preauth_data that was returned by
> * krb5_get_init_creds_opt_get_pa().
> */
> void KRB5_CALLCONV
> krb5_get_init_creds_opt_free_pa(krb5_context context,
>                                 int num_preauth_data,
>                                 krb5_gic_opt_pa_data *preauth_data);
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
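
The filtering rule in the quoted krb5_get_init_creds_opt_get_pa() comment, where a plugin receives only the options tagged with a pa_type it claims to support, modeled as an added example that is not part of the original message or of any krb5 code base. All demo_* names, the stand-in struct and the sample values are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>
/* Stand-in for the proposed krb5_gic_opt_pa_data (builds without krb5.h). */
typedef struct { int pa_type; char *attr; char *value; } demo_pa_data;

static char *demo_dup(const char *s) {
    char *p = malloc(strlen(s) + 1);
    return p ? strcpy(p, s) : NULL;
}

/* Frees a list from demo_get_pa(); safe on NULL and partly filled lists. */
void demo_free_pa(int n, demo_pa_data *d) {
    for (int i = 0; d != NULL && i < n; i++) {
        free(d[i].attr);
        free(d[i].value);
    }
    free(d);
}

/* Deep-copies into *out the options whose pa_type is in types[]; -1 on OOM. */
int demo_get_pa(const demo_pa_data *all, int n_all, const int *types,
                int n_types, demo_pa_data **out) {
    int n = 0;
    *out = calloc(n_all > 0 ? (size_t)n_all : 1, sizeof(**out));
    for (int i = 0; *out != NULL && i < n_all; i++) {
        int j = 0;
        while (j < n_types && types[j] != all[i].pa_type)
            j++;
        if (j == n_types)
            continue;              /* another plugin's option: withheld */
        demo_pa_data *e = &(*out)[n++];
        e->pa_type = all[i].pa_type;
        e->attr = demo_dup(all[i].attr);
        e->value = demo_dup(all[i].value);
        if (e->attr == NULL || e->value == NULL) {
            demo_free_pa(n, *out); /* drop the partial list, report failure */
            *out = NULL;
        }
    }
    return *out != NULL ? n : -1;
}

/* Options a plugin claiming pa_type t gets from a constructed sample. */
int demo_count_for(int t) {
    demo_pa_data all[] = { {16, "a", "1"}, {2, "b", "2"}, {16, "c", "3"} };
    demo_pa_data *mine = NULL;
    int n = demo_get_pa(all, 3, &t, 1, &mine);
    demo_free_pa(n, mine);
    return n;
}
```

Because the returned list is a deep copy, the caller can free it without touching the options still stored for other plugins.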