Clear as mud: PKINIT and -nokey principal addition (krb5-1.13)

[Siddharth Mathur]

>
> It might help to try deploying to a regular Unix client, to help
> distinguish between client-side issues with the iOS Kerberos
> implementation (which I'm not very familiar with) and server-side issues.

Thanks for debugging tips Greg, will try them out ASAP and report back.

Overall, does what I am trying sounds achievable? No passwords even at
the first login, and exclusive use of client certificates?

Thanks, and hope the new year goes well for you!
Siddharth