On Sat, Oct 29, 2011 at 5:39 PM, Luke Howard <[log in to unmask]> wrote:
>> - gss_acquired_cred_with_prompt()
>> - gss_add_cred_with_prompt()
>> - gss_set_context_prompter()
>
> We could avoid adding new entry points by using gss_set_cred_option and gss_set_sec_context_option. If they need to be called before gss_acquire_cred/gss_init_sec_context, they can take GSS_C_NO_CONTEXT on input and return a skeletal cred which can be passed to those functions.
I haven't made my peace with those :)
>> And now you could have a full-featured pam_gss that can truly replace
>> pam_krb5 completely.
>
> Nice one.
It'd be nice indeed. Less code, more generic code -> win.
Nico
--
|