krb5 commit: Clarify X509_user_identity documentation
ghudson at mit.edu
ghudson at mit.edu
Fri Apr 25 17:24:06 EDT 2025
https://github.com/krb5/krb5/commit/bd8b2a6a380b6b10ea1a3f90e8a1c8f775f5fc2c
commit bd8b2a6a380b6b10ea1a3f90e8a1c8f775f5fc2c
Author: Greg Hudson <ghudson at mit.edu>
Date: Fri Apr 18 12:23:10 2025 -0400
Clarify X509_user_identity documentation
Document that PKINIT identity specifier values must not contain
colons.
ticket: 9154
doc/admin/conf_files/krb5_conf.rst | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst
index e80e02eba..e0c7a6330 100644
--- a/doc/admin/conf_files/krb5_conf.rst
+++ b/doc/admin/conf_files/krb5_conf.rst
@@ -1052,8 +1052,10 @@ information for PKINIT is as follows:
a particular smard card reader or token if there is more than one
available. ``certid=`` and/or ``certlabel=`` may be specified to
force the selection of a particular certificate on the device.
- See the **pkinit_cert_match** configuration option for more ways
- to select a particular certificate to use for PKINIT.
+ Specifier values must not contain colon characters, as colons are
+ always treated as separators. See the **pkinit_cert_match**
+ configuration option for more ways to select a particular
+ certificate to use for PKINIT.
**ENV:**\ *envvar*
*envvar* specifies the name of an environment variable which has
More information about the cvs-krb5
mailing list