pkinit kinit/krb5.conf naming inconsistencies
Kevin Coffman
kwc at umich.edu
Sat Sep 13 19:51:09 EDT 2008
On Thu, Sep 11, 2008 at 1:33 AM, Glenn Barry <Glenn.Barry at sun.com> wrote:
>
> Nico noticed kinit -X attribute and krb5.conf option inconsistencies
> such as:
>
> kinit -X
> X509_user_identity=value
>
> krb5.conf
> pkinit_identity/pkinit_identities
>
> (and likewise for *_anchors)
>
> Is there a good reason for these to be diff?
Hi Glenn,
Yes, as I recall, there was.
We were making an effort to match the options in the config file with
those used by Heimdal where possible.
For the "-X" preauth options, Sam did not want them to be
pkinit-specific since they could possibly be used with other preauth
methods in the future.
K.C.
More information about the krbdev
mailing list