attribute to require pkinit?

[Sam Hartman]

>>>>> "Ken" == Ken Renard <kdrenard at wareonearth.com> writes:

    Ken> How about an attribute that lists the acceptable preauth
    Ken> types for a user [combined with preauth_required flag]?  The
    Ken> "hw_auth" flag would be a complementary attribute that might
    Ken> limit the acceptable client certificates to those known to be
    Ken> on a smartcard.


This is both clearly the right answer and very difficult to implement,
which is why I did not mention it.

--Sam