BuzzSaw Code <buzzsaw.c...@gmail.com> writes: > But that prompt is a callback to the prompter routine in pam_krb5 passed > in so I could bypass that prompt by just force feeding the "password" > into the response structure right ?
Yes, you can intercept it inside pam_krb5. It's really ugly from a pam-krb5 architecture perspective, though, so I'm not sure I'd want to incorporate that upstream. I feel like we went through a very similar problem with the use_pkinit option and we came up with some solution that didn't require doing this response injection thing, but I seem to have swapped all of that out of my brain. But maybe that was a different problem, since, looking at the code, I think I used a prompter that rejected all password prompts, which is sort of the opposite problem from the problem you're having. -- Russ Allbery (ea...@eyrie.org) <https://www.eyrie.org/~eagle/> ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
