On Thu, Nov 19, 2009 at 12:31:25PM -1000, Will Fiveash wrote:
> I have to agree with the analysis that supporting a "pkinit" module
> argument is very easy. Note that so far my implementation of pkinit
> support in our pam_krb5 is about 50 new lines of code. Taking the
> other approach of refactoring the common code into a lib shared
> between pam_krb5.so and pam_krb5_pkinit.so would be significantly more
> work with more opportunity for bugs I believe.

For me it's all the same. PAM configuration is difficult and painful, and I don't see any of the options proposed so far as making any significant difference.

Nico
--