[krbdev.mit.edu #7931] git commit
Tom Yu via RT
rt-comment at krbdev.mit.edu
Fri Jun 27 13:15:25 EDT 2014
Improve PKINIT certificate documentation
Describe how to use a commercially-issued server certificate for
anonymous PKINIT. Separate the KDC and client configuration
instructions so that the steps necessary for anonymous PKINIT are not
combined with the additional steps necessary for regular PKINIT.
Describe kpServerAuth as the EKU used in commercially issued server
certificates, not as the value used by Microsoft (which does not
appear to be true according to [MS-PKCA]).
(cherry picked from commit 677c7753923e5efa078074611d4474fbcc10f6a1)
https://github.com/krb5/krb5/commit/8cff7cae5a1b6fb9901f04f054dfe8fa636400e8
Author: Greg Hudson <ghudson at mit.edu>
Committer: Tom Yu <tlyu at mit.edu>
Commit: 8cff7cae5a1b6fb9901f04f054dfe8fa636400e8
Branch: krb5-1.12
doc/admin/conf_files/krb5_conf.rst | 3 +-
doc/admin/pkinit.rst | 117 ++++++++++++++++++++++++++----------
2 files changed, 86 insertions(+), 34 deletions(-)
More information about the krb5-bugs
mailing list