Wyllys Ingersoll wrote: > Gary Winiger wrote: > >> My personal recommendation: Develop a pam_pkinit (or similarly named) module >> with a separate man page. Have that man page describe the interactions >> between pam_pkinit and pam_krb5. >> >> Thanks for the extra time, >> Gary.. > > > Will F is on vacation for a bit longer. I believe the main reason he did not > want to create a new module was that it would result in an almost identical > body of code. Perhaps the existing pam_krb5 tree can be refactored or > the build process could be modified so that the 2 modules (should he choose > to take your advice) share a common body of code except for the places > where the logic differs for standard krb5 vs pkinit.
Hence my suggestion of keeping pam_krb5 as is and using a pkinit module option. I personally think this is a perfect use case for module options and I think that in the long run having two separate modules will actually turned out to be a problem. So I would prefer a pkinit module option, that should be trivial to implement. -- Darren J Moffat
