[krbdev.mit.edu #7937] pkinit_identities should support path substitution

Greg Hudson via RT rt-comment at krbdev.mit.edu
Mon Jun 9 12:10:30 EDT 2014


On a multi-user machine, it is not convenient to set up PKINIT so that 
client certificates are obtained from each user's home directory.  At 
best, you can specify pkinit_identities = ENV:envvarname and put an 
environment variable setting in every user's dotfiles.

In 1.11 we introduced a path substitution facility borrowed from Heimdal, 
which could be applied to this purpose, especially if we added a %{home} 
token for the home directory.

Here is an example of an administrator wanting to use path substitution 
for pkinit_identities:

http://mailman.mit.edu/pipermail/kerberos/2014-June/019922.html


