Comments on the use of plugins - useof pkinit_kdc_hostname

Sam Hartman hartmans at MIT.EDU
Mon Jun 18 15:28:04 EDT 2007

>>>>> "Douglas" == Douglas E Engert <deengert at> writes:

    Douglas> I think what I am asking for is a better way to handle
    Douglas> the current Windows KDCs, until they support full RFC
    Douglas> 4556.

And if we can figure out a secure way to map the KDC cert to a specific realm without configuration, I'm happy to do that.

So far you have not shown that the mappings you propose are in fact

Keep in mind that MIT clients will likely have a larger CA set than
some W2K deployments.

More information about the krbdev mailing list