auth.c - OpenGrok cross reference for /freebsd/contrib/pam-krb5/module/auth.c

Lines Matching full:pkinit
5  * PKINIT.  The only external interface is pamk5_password_auth, which calls
37  * If the PKINIT smart card error statuses aren't defined, define them to 0.
38  * This will cause the right thing to happen with the logic around PKINIT.
140  * PKINIT.  It also configures FAST if requested and the Kerberos libraries
174      * Set options for PKINIT.  Only used with MIT Kerberos; Heimdal's  in set_credential_options()
175      * implementation of PKINIT uses a separate API instead of setting  in set_credential_options()
511  * Attempt authentication via PKINIT.  Currently, this uses an API specific to
512  * Heimdal.  Once MIT Kerberos supports PKINIT, some of the details may need
520  * PKINIT is just one of many pre-authentication mechanisms that could be
522  * and the possibility that some users may be authenticated via PKINIT and
537      * We may not be able to dive directly into the PKINIT functions because  in pkinit_auth()
547      * instead, they'll be prompted later when the PKINIT code discovers that  in pkinit_auth()
560      * credential option struct to store the PKINIT options.  in pkinit_auth()
711  * Give the user a nicer error message when we've attempted PKINIT without
724         message = "PKINIT failed: user PIN locked";  in report_pkinit_error()
729         message = "PKINIT failed: user PIN expired";  in report_pkinit_error()
734         message = "PKINIT failed: user PIN incorrect";  in report_pkinit_error()
739         message = "PKINIT fialed: user PIN not initialized";  in report_pkinit_error()
743         message = "PKINIT failed";  in report_pkinit_error()
747     message = "PKINIT failed";  in report_pkinit_error()
792      * If PKINIT is available and we were configured to attempt it, try  in pamk5_password_auth()
793      * authenticating with PKINIT first.  Otherwise, fail all authentication  in pamk5_password_auth()
794      * if PKINIT is not available and use_pkinit was set.  Fake an error code  in pamk5_password_auth()
803         putil_debug_krb5(args, retval, "PKINIT failed");  in pamk5_password_auth()
817         putil_debug_krb5(args, retval, "PKINIT failed");  in pamk5_password_auth()
859      * the prompting if PKINIT fails.  In this case, make sure we don't retry.  in pamk5_password_auth()
899      * PKINIT, try to verify the credentials.  Don't do this if we're  in pamk5_password_auth()