[krbdev.mit.edu #7936] pkinit_identity and pkinit_identities are confusingly similar

Tom Yu via RT rt-comment at krbdev.mit.edu
Thu Jun 12 22:33:57 EDT 2014


[ghudson - Mon Jun  9 12:03:39 2014]:

> pkinit_identity specifies the location of the KDC certificate, while 
> pkinit_identities specifies the location of possible client certificates.  
> These names are confusingly similar.  We have two options:
> 
> 1. Create new names (such as pkinit_kdc_cert and pkinit_client_certs), 
> but fall back to the old names for compatibility.
> 
> 2. In the documentation (krb5_conf.rst, kdc_conf.rst, and pkinit.rst), 
> specifically call out the confusing similarity.
> 
> Here is an example (not the only example) of someone confusing the two 
> variable names while trying to set up PKINIT:
> 
> http://mailman.mit.edu/pipermail/kerberos/2014-June/019922.html

I think we should do (2) and then (1).
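An added example, not part of the original thread or of the krb5 code base: a small lint that catches the mix-up described in the report by warning when a configuration sets only the look-alike relation for its role. It relies on the report's statement of which side uses which name; the function names, role labels and sample configurations are constructed for illustration.

```python
import re

# Per the report above: the KDC uses pkinit_identity, clients use pkinit_identities.
EXPECTED = {"kdc": "pkinit_identity", "client": "pkinit_identities"}
RELATION = re.compile(r"^\s*(pkinit_identit(?:y|ies))\s*=\s*(\S.*?)\s*$")

def find_relations(text):
    """Return [(line_number, name, value)] for both PKINIT identity relations."""
    found = []
    for number, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith(("#", ";")):  # skip profile comment lines
            continue
        match = RELATION.match(line)
        if match:
            found.append((number, match.group(1), match.group(2)))
    return found

def check_config(text, role):
    """Warn when only the look-alike name is set for this role ('kdc' or 'client')."""
    wanted = EXPECTED[role]
    relations = find_relations(text)
    if any(name == wanted for _, name, _ in relations):
        return []  # the relation this role uses is present; nothing to report
    return [f"line {n}: {name} is set but the {role} reads {wanted}"
            for n, name, _ in relations]

# Constructed sample: a client krb5.conf that uses the KDC's relation name by mistake.
SAMPLE_CLIENT = """\
[realms]
    EXAMPLE.COM = {
        pkinit_anchors = FILE:/etc/krb5/cacert.pem
        # pkinit_identities = FILE:/etc/krb5/old.pem
        pkinit_identity = FILE:/etc/krb5/client.pem,/etc/krb5/clientkey.pem
    }
"""

# Constructed sample: a kdc.conf that uses the name the KDC expects.
SAMPLE_KDC = """\
[kdcdefaults]
    pkinit_identity = FILE:/var/lib/krb5kdc/kdc.pem,/var/lib/krb5kdc/kdckey.pem
"""

if __name__ == "__main__":
    for warning in check_config(SAMPLE_CLIENT, "client"):
        print(warning)
```
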

