From ce02b69e27bcfa21bcab2ed195dfdbaa8040d773 Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Mon, 15 Jul 2013 13:37:00 -0400 Subject: Add non-JSON APIs for PKINIT responder items Add wrappers for the JSON-oriented APIs for PKINIT responder items, modeled after the API we provide for OTP items: * krb5_responder_pkinit_get_challenge() returns the list of identities for which we need PINs * krb5_responder_pkinit_challenge_free() frees the structure that was returned by krb5_responder_pkinit_get_challenge() * krb5_responder_pkinit_set_answer() sets the answer to the PIN for one of the identities [ghudson@mit.edu: style cleanup; added comment pointing to main body of PKINIT module] ticket: 7680 --- doc/appdev/init_creds.rst | 16 ++++++++++++++++ doc/appdev/refs/api/index.rst | 3 +++ 2 files changed, 19 insertions(+) (limited to 'doc/appdev') diff --git a/doc/appdev/init_creds.rst b/doc/appdev/init_creds.rst index 63c9d617ed..07baa4a387 100644 --- a/doc/appdev/init_creds.rst +++ b/doc/appdev/init_creds.rst 
@@ -210,6 +210,22 @@ challenge into a krb5_responder_otp_challenge structure. The token information elements from the challenge and supplies the value and pin for that token. +PKINIT password or PIN question +############################### + +The :c:macro:`KRB5_RESPONDER_QUESTION_PKINIT` (or ``"pkinit"``) question +type requests PINs for hardware devices and/or passwords for encrypted +credentials which are stored on disk, potentially also supplying +information about the state of the hardware devices. The challenge and +answer are JSON-encoded strings, but an application can use convenience +functions to avoid doing any JSON processing itself. + +The :c:func:`krb5_responder_pkinit_get_challenge` function decodes the +challenges into a krb5_responder_pkinit_challenge structure. The +:c:func:`krb5_responder_pkinit_set_answer` function can be used to +supply the PIN or password for a particular client credential, and can +be called multiple times. + Example ####### diff --git a/doc/appdev/refs/api/index.rst b/doc/appdev/refs/api/index.rst index 7009b30dca..b1a580a6aa 100644 --- a/doc/appdev/refs/api/index.rst +++ b/doc/appdev/refs/api/index.rst @@ -87,6 +87,9 @@ Frequently used public interfaces krb5_responder_otp_get_challenge.rst krb5_responder_otp_set_answer.rst krb5_responder_otp_challenge_free.rst + krb5_responder_pkinit_get_challenge.rst + krb5_responder_pkinit_set_answer.rst + krb5_responder_pkinit_challenge_free.rst krb5_set_default_realm.rst krb5_set_password.rst krb5_set_password_using_ccache.rst -- cgit
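Review bot: The second paragraph of the new "PKINIT password or PIN question" section in doc/appdev/init_creds.rst never mentions krb5_responder_pkinit_challenge_free(), although the commit message introduces it as the function that frees what krb5_responder_pkinit_get_challenge() returns. Add a sentence telling the caller to release the structure with it, so an application following this text does not leak the decoded challenge. In the same paragraph, "can be called multiple times" is ambiguous: say whether that means once per identity in the challenge, and what happens when it is called twice for the same identity. Since the value passed to krb5_responder_pkinit_set_answer() is a PIN or password, it would also help to state whether the library copies it, so the caller knows when it can wipe its own buffer.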
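Review bot: The doc/appdev/refs/api/index.rst hunk adds entries only for the three new functions, while the init_creds.rst text in this same patch also references :c:macro:`KRB5_RESPONDER_QUESTION_PKINIT` and the krb5_responder_pkinit_challenge structure. If macros and types are indexed in their own lists under doc/appdev/refs, those lists need matching entries, because the diffstat shows no other file under doc/appdev changed and the new cross-references would otherwise have no target page. The order of the added lines (get_challenge, set_answer, challenge_free) matches the OTP entries just above them, which keeps the list consistent.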