Using PKINIT with ECC
Carson Gaspar
carson at taltos.org
Sun Nov 19 12:13:21 EST 2023
On 11/19/2023 9:00 AM, Ken Hornstein via Kerberos wrote:
> I have mentioned this before, but ... is there any interest in adding
> additional trace points for every place where the old "pkiDebug" calls
> are made? Hidden errors when doing PKINIT are the bane of my existence
> and I feel that I'm not the only one. I understand there are concerns
> about making the trace log too verbose but I think every error could
> generate a trace message and it wouldn't add too much to the trace output
> when everything was working.
Consider this a +1 for some way to enable useful PKINIT debugging
without a recompile. The number of times I've had to install a debug
plugin .so just to figure out basic config issues...
Hell, even just adding an autoconf option to enable it so I didn't have
to hand-edit the include file would be a win... (yeah, I could probably
pass in a custom CPPFLAGS option, but by the time I find the !@#$% macro
I'm already in the include file, so...)
--
Carson
More information about the Kerberos
mailing list