OTP: Putting the nonce in the cookie

Hi list, I recently pushed[0] some code for putting the nonce in the PA-FX-COOKIE (to branch otp-wip of git://git.nordu.net/krb-otp.git). It took some changes to generic FAST code though. Please let me know if you think this isn't a good way of solving it. For example, I can't really see how this is supposed to work with authentications sets. We'll definitely have to think more about how the nonce should be constructed. As mentioned in kdc_preauth_get_cookie(): If cookies are used for real, versioning so that KDCs can be upgraded, keying, expiration and many other issues need to be considered. [0] http://git.nordu.net/?p=krb-otp.git;a=commit;h=c8ca1a83805ce967bcf251ff55... Thanks, Linus