attribute to require pkinit?
Nicolas Williams
Nicolas.Williams at sun.com
Wed Nov 29 13:18:24 EST 2006
On Wed, Nov 29, 2006 at 12:55:59PM -0500, Sam Hartman wrote:
> no, I think he means a principal with no keys.
>
> This would be a reasonable approach, but it turns out it would at
> least break the LDAP backend. Fixing the LDAP backend would probably
> be desirable.
I've long been annoyed that one could not create a principal without
keys.
And no, this isn't the right answer, since to me a principal without
keys could mean other things: e.g., that this principal's long-term keys
haven't been set because enrollment/migration hasn't completed yet.
Nico
--
More information about the krbdev
mailing list