[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: krb5_get_init_creds_opt_set_pkinit() API Help
> The specific problem I have is how do I prevent the command line
> prompt generated by this call. I've traced it as far as
> _krb5_load_id(), but . . .
> I may not be asking the right list, because the prompt is "PIN code
> for SCR331 USB Smart Card Reader 0 0:". It may be generated by the
> OpenSC pkcs11 library rather than Heimdal, but I still need to
> suppress it because my login module already has the PIN/password
> and already knows whether it's a PIN or a password before it enters
> the Kerberos code.
> Now I have some other questions about this module:
> What are the flags? Zero seems to work for me, but why might it be
> 2 or some other value?
Zero is just fine. 2 is a hack to force encKey.
> Why is the prompter function a required argument, if it's not used?
Its used, the reason the p11 module doesn't read the password is to
avoid locking up the card. I didn't trust myself to get that right in
the first try
after killing two cards the same day in another codebase.
> Shouldn't there be a config option for the PK ID value (the -C
> argument to kinit)? In my case it's an interface library for a
> card reader, it ought to default to some value for a given system.
There is, for kinit, but not for the library.