pkinit updates

[Nicolas Williams]

On Wed, Dec 13, 2006 at 11:28:48AM -0500, Jim Rees wrote:
> So then something like this?
> 
> X509_user_identity=PKINIT:module_name=/usr/lib/pkcs11.so:slotid=4:id=45:label=Cert1

I think these should all be separate parameters; most, if not all of
them, can be optional.  I'd rather the code test for parameter presence
than have the code parse this sort of string.

And UI-wise multiple parameters are nicer (I don't want to have to count
':'s to build/parse these strings).

Nico
--