| Subject: | Internal API change to support hardware preauth better |
If krb5_get_init_creds() gets an error, it will retry the request
against the master KDC. This doesn't involve any more user interaction,
since the password is cached in a callback structure. But in the
hardware preauthentication case, a user is asked for their hardware
token multiple times.
The library needs to cache the hardware token information so it doesn't
prompt the user for the token again.
against the master KDC. This doesn't involve any more user interaction,
since the password is cached in a callback structure. But in the
hardware preauthentication case, a user is asked for their hardware
token multiple times.
The library needs to cache the hardware token information so it doesn't
prompt the user for the token again.