Nicolas.Williams at sun.com
Tue Dec 19 18:08:00 EST 2006
On Tue, Dec 19, 2006 at 05:42:43PM -0500, Jeffrey Hutzelman wrote:
> You use the one whose SAN matches your principal name. If there is more
> than one, you use the first one, or prompt the user. Of course, even that
> only helps if the certs in question have PKINIT SAN's, and a lot of them
Certs w/o PKINIT SANs can be used with PKINIT...
> Really, there are two completely different sets of uses here.
> (1) Using tools like kinit to obtain tickets
> (2) Using tools like login to gain access to a machine.
More information about the krbdev