pkinit kinit/krb5.conf naming inconsistencies

Kevin Coffman kwc at
Sat Sep 13 19:51:09 EDT 2008

On Thu, Sep 11, 2008 at 1:33 AM, Glenn Barry <Glenn.Barry at> wrote:
> Nico noticed kinit -X attribute and krb5.conf option inconsistencies
> such as:
> kinit -X
>    X509_user_identity=value
> krb5.conf
>    pkinit_identity/pkinit_identities
> (and likewise for *_anchors)
> Is there a good reason for these to be diff?

Hi Glenn,

Yes, as I recall, there was.

We were making an effort to match the options in the config file with
those used by Heimdal where possible.

For the "-X" preauth options, Sam did not want them to be
pkinit-specific since they could possibly be used with other preauth
methods in the future.


More information about the krbdev mailing list