PKINIT and DN Mapping support in MIT kerberos

Sam Hartman hartmans at
Sun Nov 27 19:52:56 EST 2011

I don't know of any current plans to handle this.  However, we've
recently introduced the ability to store strings associated with a
principal; see
. With that code it might be relatively easy to write a patch that
permitted you to set an expected DN for a certificate for a given

I don't know of any plans to write such a patch, but if you do work on
that I'd be happy to review your work and consider it for inclusion.


More information about the krbdev mailing list