Nicolas.Williams at sun.com
Tue Dec 19 17:13:23 EST 2006
On Mon, Dec 18, 2006 at 07:38:46PM -0500, Jeffrey Hutzelman wrote:
> How about looking for one with a certificate whose PKINIT SAN matches the
> principal? I would certainly see that as useful for some deployments.
Not generally good enough: what if multiple certs exist on the card that
have PKINIT SANs?
At the limit the UI will just have to be able to prompt the user for
which credential to use.
More information about the krbdev