> Presumably you prompt for principal name separately from PAM_USER?
I prefer the approach of let the user enter the principal name, canonicalize it with gss_localname(), and then reset PAM_USER. This requires that the application cooperate.
> Makes one want to add a simple interactive initial credential
> acquisition interface (to handle PIN prompts, ...).
Sure, send me the patch ;-)
-- Luke
|