Greg Hudson writes:
> Yes. For this prompter call, name is NULL, banner is the formatted
> expiration warning, and num_prompts is 0.
Thanks!
> Ah, two responder calls, not two prompter calls. I was looking at the
> wrong code paths.
Oh, sorry, poor bug report on my part.
> Now that I look a
On 3/9/20 1:32 AM, Russ Allbery wrote:
>> In MIT krb5 you can set an expire callback
>> (krb5_get_init_creds_opt_set_expire_callback()); otherwise the prompter
>> is used if present, whether or not a responder is provided.
>
> Oh! Okay, that makes sense. In this case, the prompter is called with
Greg Hudson writes:
> On 3/8/20 8:01 PM, Russ Allbery wrote:
>> I think the reason why I am confused by this is that Heimdal uses the
>> prompter to pass along informational messages such as "your principal
>> is about to expire," and I wasn't sure how MIT Kerberos would do the
>> same thing with
On 3/8/20 8:01 PM, Russ Allbery wrote:
> I think the reason why I am confused by this is that Heimdal uses the
> prompter to pass along informational messages such as "your principal is
> about to expire," and I wasn't sure how MIT Kerberos would do the same
> thing with the responder interface. B
Greg Hudson writes:
> So, the responder doesn't strictly subsume the prompter; a caller who
> wants to be told what textual questions to ask the user, or who doesn't
> want to have specific knowledge of preauth mechanisms, must continue to
> use the prompter.
I think the reason why I am confused
On 3/3/20 1:33 AM, Russ Allbery wrote:
> 1. The normal prompter interface has a mechanism to send a "name" and a
>"banner". Neither of these are very well-documented, but the current
>PAM module behavior is to output them both (name first, then banner) as
>PAM_TEXT_INFO.
>
>I don'
