author Nalin Dahyabhai <nalin@redhat.com> 2013-07-15 13:37:00 -0400
committer Greg Hudson <ghudson@mit.edu> 2013-07-17 14:57:12 -0400
commit ce02b69e27bcfa21bcab2ed195dfdbaa8040d773
tree 1213a149da22345fd53df9cfe85bf269a0aedb36 /doc/appdev
parent a3abb0bf5fade0009c9899624d4b996a4e12a49f
Add non-JSON APIs for PKINIT responder items
Add wrappers for the JSON-oriented APIs for PKINIT responder items, modeled after the API we provide for OTP items:
* krb5_responder_pkinit_get_challenge() returns the list of identities for which we need PINs
* krb5_responder_pkinit_challenge_free() frees the structure that was returned by krb5_responder_pkinit_get_challenge()
* krb5_responder_pkinit_set_answer() sets the answer to the PIN for one of the identities

[ghudson@mit.edu: style cleanup; added comment pointing to main body of PKINIT module]

ticket: 7680
Diffstat (limited to 'doc/appdev')
-rw-r--r-- doc/appdev/init_creds.rst 16
-rw-r--r-- doc/appdev/refs/api/index.rst 3
2 files changed, 19 insertions, 0 deletions
diff --git a/doc/appdev/init_creds.rst b/doc/appdev/init_creds.rst
index 63c9d617ed..07baa4a387 100644
--- a/doc/appdev/init_creds.rst
+++ b/doc/appdev/init_creds.rst
@@ -210,6 +210,22 @@ challenge into a krb5_responder_otp_challenge structure. The
token information elements from the challenge and supplies the value
and pin for that token.
+PKINIT password or PIN question
+###############################
+
+The :c:macro:`KRB5_RESPONDER_QUESTION_PKINIT` (or ``"pkinit"``) question
+type requests PINs for hardware devices and/or passwords for encrypted
+credentials which are stored on disk, potentially also supplying
+information about the state of the hardware devices. The challenge and
+answer are JSON-encoded strings, but an application can use convenience
+functions to avoid doing any JSON processing itself.
+
+The :c:func:`krb5_responder_pkinit_get_challenge` function decodes the
+challenges into a krb5_responder_pkinit_challenge structure. The
+:c:func:`krb5_responder_pkinit_set_answer` function can be used to
+supply the PIN or password for a particular client credential, and can
+be called multiple times.
+
Example
#######
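Review bot: The new "PKINIT password or PIN question" section never mentions krb5_responder_pkinit_challenge_free, although its second paragraph sends the reader to krb5_responder_pkinit_get_challenge to obtain a krb5_responder_pkinit_challenge structure. Add a sentence saying the caller releases that structure with :c:func:`krb5_responder_pkinit_challenge_free`, so that applications prompting for PINs do not leak it. The same paragraph says krb5_responder_pkinit_set_answer supplies the PIN or password "for a particular client credential" and "can be called multiple times", but does not say how the credential is named when calling it or what a second call for the same credential does; a sentence on each would help. The first paragraph also promises "information about the state of the hardware devices" without saying where in the decoded structure an application finds it.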
diff --git a/doc/appdev/refs/api/index.rst b/doc/appdev/refs/api/index.rst
index 7009b30dca..b1a580a6aa 100644
--- a/doc/appdev/refs/api/index.rst
+++ b/doc/appdev/refs/api/index.rst
@@ -87,6 +87,9 @@ Frequently used public interfaces
krb5_responder_otp_get_challenge.rst
krb5_responder_otp_set_answer.rst
krb5_responder_otp_challenge_free.rst
+ krb5_responder_pkinit_get_challenge.rst
+ krb5_responder_pkinit_set_answer.rst
+ krb5_responder_pkinit_challenge_free.rst
krb5_set_default_realm.rst
krb5_set_password.rst
krb5_set_password_using_ccache.rst
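Review bot: The three entries added after krb5_responder_otp_challenge_free.rst name files that are not among the changes under doc/appdev; the diffstat lists only init_creds.rst and refs/api/index.rst. Confirm that krb5_responder_pkinit_get_challenge.rst, krb5_responder_pkinit_set_answer.rst and krb5_responder_pkinit_challenge_free.rst already exist or are generated when the documentation is built, otherwise these lines leave dangling references in the index and the :c:func: links added in init_creds.rst will not resolve.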