manoj kumar mishra
2021-05-18 16:09:24 UTC
Can someone tell where to look for solution?
Sent from Yahoo Mail on Android
On Tue, May 18, 2021 at 9:30 PM, krbdev-***@mit.edu<krbdev-***@mit.edu> wrote: Send krbdev mailing list submissions to
***@mit.edu
To subscribe or unsubscribe via the World Wide Web, visit
https://mailman.mit.edu/mailman/listinfo/krbdev
or, via email, send a message with subject or body 'help' to
krbdev-***@mit.edu
You can reach the person managing the list at
krbdev-***@mit.edu
When replying, please edit your Subject line so it is more specific
than "Re: Contents of krbdev digest..."
Today's Topics:
1. Re: Issues with multiple pkinit KDC certauth plugins (Greg Hudson)
----------------------------------------------------------------------
Message: 1
Date: Mon, 17 May 2021 12:29:04 -0400
From: Greg Hudson <***@mit.edu>
Subject: Re: Issues with multiple pkinit KDC certauth plugins
To: Ken Hornstein <***@cmf.nrl.navy.mil>, <***@mit.edu>
Message-ID: <bda13157-88e8-6a5c-1279-***@mit.edu>
Content-Type: text/plain; charset=utf-8
that we could ask "does this cert indicate the use of hardware"
independently of "does this cert authorize this principal".
However, since we're halfway in on shoehorning both questions into one
method, I guess it's no less clean at this point to add another entry in
the answer matrix. So, this is fine.
------------------------------
_______________________________________________
krbdev mailing list
***@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
End of krbdev Digest, Vol 221, Issue 2
**************************************
_______________________________________________
krbdev mailing list ***@mit.edu
Sent from Yahoo Mail on Android
On Tue, May 18, 2021 at 9:30 PM, krbdev-***@mit.edu<krbdev-***@mit.edu> wrote: Send krbdev mailing list submissions to
***@mit.edu
To subscribe or unsubscribe via the World Wide Web, visit
https://mailman.mit.edu/mailman/listinfo/krbdev
or, via email, send a message with subject or body 'help' to
krbdev-***@mit.edu
You can reach the person managing the list at
krbdev-***@mit.edu
When replying, please edit your Subject line so it is more specific
than "Re: Contents of krbdev digest..."
Today's Topics:
1. Re: Issues with multiple pkinit KDC certauth plugins (Greg Hudson)
----------------------------------------------------------------------
Message: 1
Date: Mon, 17 May 2021 12:29:04 -0400
From: Greg Hudson <***@mit.edu>
Subject: Re: Issues with multiple pkinit KDC certauth plugins
To: Ken Hornstein <***@cmf.nrl.navy.mil>, <***@mit.edu>
Message-ID: <bda13157-88e8-6a5c-1279-***@mit.edu>
Content-Type: text/plain; charset=utf-8
It occurs to me that the simplest solution here would be to
add an additional return code that meant "pass + add hwauth to
ticket". Like it could be called KRB5_CERTAUTH_HWAUTH_PASS. Or
KRB5_CERTAUTH_HWAUTH_NO_HANDLE, or something else.
In hindsight, adding a new method would probably have been cleaner, soadd an additional return code that meant "pass + add hwauth to
ticket". Like it could be called KRB5_CERTAUTH_HWAUTH_PASS. Or
KRB5_CERTAUTH_HWAUTH_NO_HANDLE, or something else.
that we could ask "does this cert indicate the use of hardware"
independently of "does this cert authorize this principal".
However, since we're halfway in on shoehorning both questions into one
method, I guess it's no less clean at this point to add another entry in
the answer matrix. So, this is fine.
------------------------------
_______________________________________________
krbdev mailing list
***@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
End of krbdev Digest, Vol 221, Issue 2
**************************************
_______________________________________________
krbdev mailing list ***@mit.edu