attribute to require pkinit?
hartmans at MIT.EDU
Wed Nov 29 12:54:05 EST 2006
>>>>> "Ken" == Ken Renard <kdrenard at wareonearth.com> writes:
Ken> How about an attribute that lists the acceptable preauth
Ken> types for a user [combined with preauth_required flag]? The
Ken> "hw_auth" flag would be a complementary attribute that might
Ken> limit the acceptable client certificates to those known to be
Ken> on a smartcard.
This is both clearly the right answer and very difficult to implement,
which is why I did not mention it.
More information about the krbdev