Extending certauth plugin to set ticket flags?
Ken Hornstein
kenh at cmf.nrl.navy.mil
Sat Feb 22 09:07:53 EST 2020
>Does your custom PKINIT module set the PA_HARDWARE flag in
>pkinit_server_get_flags()? That would be necessary to make PKINIT work
>with client principals flagged with +requires_hwauth, but perhaps you're
>not doing that.
The answer is ... yes. Ah, crud, I had forgotten about that. Perhaps
the right solution there is to create a configuration option in
krb5.conf/kdc.conf that will tell pkinit to set that?
--Ken
More information about the krbdev
mailing list