[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: pam_krb5 with PKINIT from Heimdal and MIT
>>>>> "Douglas" == Douglas E Engert <email@example.com> writes:
Douglas> o Since the Heimdal default it to compile in pkinit, or
Douglas> at least a stub for it, this pkinit code can be compiled
Douglas> into pam_krb5 by default. I would hope the MIT code would
Douglas> do something similar.
we can't do that. Pkinit really needs to be a plugin for gpl reasons.
I think that also means that we need to have a way to provide
preauth-specific parameters to a plugin without defining
pkinit-specific things in krb5.h. I think we run into GPL issues if
we do anything else.
Manager, Kerberos Team