pkinit kinit/krb5.conf naming inconsistencies
Nicolas Williams
Nicolas.Williams at sun.com
Mon Sep 15 17:09:04 EDT 2008
The more I think about this the more I dislike having this different
parameter prefix.

Moreover, I wonder why only PKINIT-related parameters should be settable
via kinit -x, and not other krb5.conf parameters such as, say,
default_tkt_enctypes (that would complicate the -x option somewhat in
that a config file section would be needed for some parameters).

So, I think that MIT should reconsider this kinit -x option.

Also, Jeff H. mentions (offline) the possibility of doing
PKINIT-over-StartTLS. That would certainly render the x509_ prefix very
confusing! IMO it'd be much better to wait until MIT krb5 gets a
StartTLS implementation before adding parameters with such a generic
prefix.

Nico
--