PKINIT and DN Mapping support in MIT kerberos

[Sam Hartman]

I don't know of any current plans to handle this.  However, we've
recently introduced the ability to store strings associated with a
principal; see
http://k5wiki.kerberos.org/wiki/Projects/Principal_entry_string_mapping
. With that code it might be relatively easy to write a patch that
permitted you to set an expected DN for a certificate for a given
principal.

I don't know of any plans to write such a patch, but if you do work on
that I'd be happy to review your work and consider it for inclusion.

--Sam