pkinit updates

Nicolas Williams Nicolas.Williams at
Tue Dec 19 17:13:23 EST 2006

On Mon, Dec 18, 2006 at 07:38:46PM -0500, Jeffrey Hutzelman wrote:
> How about looking for one with a certificate whose PKINIT SAN matches the 
> principal?  I would certainly see that as useful for some deployments.

Not generally good enough: what if multiple certs exist on the card that

At the limit the UI will just have to be able to prompt the user for
which credential to use.


More information about the krbdev mailing list