pkinit updates
Nicolas Williams
Nicolas.Williams at sun.com
Tue Dec 19 18:08:00 EST 2006
On Tue, Dec 19, 2006 at 05:42:43PM -0500, Jeffrey Hutzelman wrote:
> You use the one whose SAN matches your principal name. If there is more
> than one, you use the first one, or prompt the user. Of course, even that
> only helps if the certs in question have PKINIT SAN's, and a lot of them
> won't.
Certs w/o PKINIT SANs can be used with PKINIT...
> Really, there are two completely different sets of uses here.
>
> (1) Using tools like kinit to obtain tickets
>
> (2) Using tools like login to gain access to a machine.
>
> [...]
Excellent analysis.
Nico
--
More information about the krbdev
mailing list