> - gss_acquired_cred_with_prompt()
> - gss_add_cred_with_prompt()
> - gss_set_context_prompter()
We could avoid adding new entry points by using gss_set_cred_option and gss_set_sec_context_option. If they need to be called before gss_acquire_cred/gss_init_sec_context, they can take GSS_C_NO_CONTEXT on input and return a skeletal cred which can be passed to those functions.
> And now you could have a full-featured pam_gss that can truly replace
> pam_krb5 completely.
Nice one.
> You might want pam_gss to take a mech_oid argument; if none is
> provided then use the default mech. If the admin wants multiple mechs
> then they can stack pam_gss multiple times.
It already does ;-)
-- Luke