attribute to require pkinit?

Sam Hartman hartmans at MIT.EDU
Wed Nov 29 12:54:05 EST 2006

>>>>> "Ken" == Ken Renard <kdrenard at> writes:

    Ken> How about an attribute that lists the acceptable preauth
    Ken> types for a user [combined with preauth_required flag]?  The
    Ken> "hw_auth" flag would be a complementary attribute that might
    Ken> limit the acceptable client certificates to those known to be
    Ken> on a smartcard.

This is both clearly the right answer and very difficult to implement,
which is why I did not mention it.

