config option inconsistencies

Kevin Coffman kwc at
Thu Nov 16 10:31:50 EST 2006

There are currently inconsistencies in the use of underscores and
hyphens in the Heimdal (pkinit/pki) config parameters.  I think there
are also inconsistencies with "pki-" vs. "pkinit-" in some cases?  Is
it too late, too painful, to make these consistent at this point?

Some examples:

enable-pkinit = false
win2k_pkinit = false
win2k_pkinit_require_binding = false
pkinit_require_eku = true
pkinit_require_krbtgt_otherName = true
pkinit_require_hostname_match = false
pkinit-anchors = (no default)
pki-kdc-ocsp = (no default)
pkinit-principal-in-certificate = true
pkinit-dh-min-bits = 0
pki-allow-proxy-certificate = false
pki-mappings-file = $DB_DIR/pki-mapping

More information about the krbdev mailing list