Fwd: pkinit SAN and EKU checking

Sam Hartman hartmans at MIT.EDU
Mon May 14 19:32:41 EDT 2007

>>>>> "Kevin" == Kevin Coffman <kwc at citi.umich.edu> writes:

    >> Long term, it seems like you either try the external plugins
    >> first, or you fall back to the external plugins.

    Kevin> Yes, and I was opting for the former.

But why do I need to configure it?
If I have external plugins and they approve the whatever, then its approved.

Or is the intent of your config option to say that only external
plugins are permitted and if they fail then rather than trying the
default we fail the authentication?

More information about the krbdev mailing list