attribute to require pkinit?
Clifford Neuman
bcn at ISI.EDU
Wed Nov 29 10:19:51 EST 2006
I dont' think that overloading hw_auth is the right thing.
However, wouldn't it require pkinit if the database entry did not have a
secret key usable for direct authentication.
Clifford Neuman
Sam Hartman wrote:
>>>>>> "Kevin" == Kevin Coffman <kwc at citi.umich.edu> writes:
>>>>>>
>
> Kevin> Is there a need/desire to have a per-principal db attribute
> Kevin> which requires a user to use pkinit to authenticate?
> That sounds like it would be too much of a tie between the base code
> and pkinit without some abstraction.
> I wonder whether overloading the hw_auth attribute is sufficient.
>
> _______________________________________________
> krbdev mailing list krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev
>
>
>
--
Clifford Neuman, Director
USC Center for Computer Systems Security
http://clifford.neuman.name
More information about the krbdev
mailing list