Skip Menu |
 

Subject: Internal API change to support hardware preauth better
If krb5_get_init_creds() gets an error, it will retry the request
against the master KDC. This doesn't involve any more user interaction,
since the password is cached in a callback structure. But in the
hardware preauthentication case, a user is asked for their hardware
token multiple times.

The library needs to cache the hardware token information so it doesn't
prompt the user for the token again.