Re: [kitten] CredUI
Luke Howard <lukeh@padl.com> Mon, 03 February 2014 01:56 UTC
Return-Path: <lukeh@padl.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 826601A0159 for <kitten@ietfa.amsl.com>; Sun, 2 Feb 2014 17:56:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.437
X-Spam-Level:
X-Spam-Status: No, score=-2.437 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.535, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3Yve4c1WNMpz for <kitten@ietfa.amsl.com>; Sun, 2 Feb 2014 17:56:02 -0800 (PST)
Received: from us.padl.com (us.padl.com [216.154.215.154]) by ietfa.amsl.com (Postfix) with ESMTP id CBFC71A0155 for <kitten@ietf.org>; Sun, 2 Feb 2014 17:56:01 -0800 (PST)
Received: by us.padl.com with ESMTP id s131tZxf031915; Sun, 2 Feb 2014 20:55:45 -0500
Content-Type: text/plain; charset="iso-8859-1"
Mime-Version: 1.0 (Mac OS X Mail 7.0 \(1822\))
From: Luke Howard <lukeh@padl.com>
In-Reply-To: <52ED51DF.9030702@mit.edu>
Date: Mon, 03 Feb 2014 12:55:34 +1100
Content-Transfer-Encoding: quoted-printable
Message-Id: <E57B6C0C-87E6-4073-874B-6DE83B011675@padl.com>
References: <22979F1F-33E3-4073-88EF-A491965B01B7@padl.com> <CAK3OfOj1rxPeivS-oeoLvSvPQyyjnPQEB6-wS38F4uL+m31-uQ@mail.gmail.com> <52ED51DF.9030702@mit.edu>
To: Greg Hudson <ghudson@MIT.EDU>
X-Mailer: Apple Mail (2.1822)
X-SMTP-Vilter-Version: 1.3.6
X-Spamd-Symbols: ALL_TRUSTED,AWL,BAYES_00,USER_IN_WHITELIST
X-SMTP-Vilter-Spam-Backend: spamd
X-Spam-Threshold: 5.0
X-Spam-Probability: -20.8
Cc: "kitten@ietf.org" <kitten@ietf.org>, Love Hörnquist Åstrand <lha@h5l.org>
Subject: Re: [kitten] CredUI
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Feb 2014 01:56:03 -0000
On 2 Feb 2014, at 6:58 am, Greg Hudson <ghudson@MIT.EDU> wrote: > On 02/01/2014 01:36 PM, Nico Williams wrote: >> On Fri, Jan 31, 2014 at 8:06 PM, Luke Howard <lukeh@padl.com> wrote: >>> * an API/SPI to acquire a credential given an arbitrary dictionary (currently we implemented this using gss_set_cred_option(), as that can output a credential, but a new entry point would be cleaner) >> >> You want gss_acquire_cred_from(). >> >> http://k5wiki.kerberos.org/wiki/Projects/Credential_Store_extensions > > I believe the consensus at the time was that gss_key_value_set_desc > could be used for answers to authentication questions, but the > cred_store parameter to gss_acquire_cred_from cannot. See: > > http://mailman.mit.edu/pipermail/krbdev/2012-July/011105.html > > IIRC Nico or Sam had some ideas on what an initial cred acquisition API > might look like (given that it's not just gss_acquire_cred_from), but I > can't seem to find a writeup. At least we have gss_const_key_value_set_t, even if we use a new API (as mentioned earlier, it could also be gss_set_cred_option with a well known OID). -- Luke
- [kitten] CredUI Luke Howard
- Re: [kitten] CredUI Nico Williams
- Re: [kitten] CredUI Greg Hudson
- Re: [kitten] CredUI Luke Howard