attribute to require pkinit?

Sam Hartman hartmans at MIT.EDU
Wed Nov 29 09:28:29 EST 2006

>>>>> "Kevin" == Kevin Coffman <kwc at> writes:

    Kevin> Is there a need/desire to have a per-principal db attribute
    Kevin> which requires a user to use pkinit to authenticate?
That sounds like it would be too much of a tie between the base code
and pkinit without some abstraction.
I wonder whether overloading the hw_auth attribute is sufficient.

More information about the krbdev mailing list