|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
To: Ken Hornstein <kenh@cmf.nrl.navy.mil> From: Greg Hudson <ghudson@mit.edu> Message-ID: <f20c7eab-a608-d0f6-c1c3-26652c6b2364@mit.edu> Date: Fri, 21 Feb 2020 21:57:35 -0500 MIME-Version: 1.0 In-Reply-To: <202002211811.01LIBLOd009614@hedwig.cmf.nrl.navy.mil> Content-Language: en-US Cc: krbdev@mit.edu Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: krbdev-bounces@mit.edu On 2/21/20 1:11 PM, Ken Hornstein wrote: > Well, I will defer to your knowledge of the KDC AS-REQ processing path, > and "perfect is the enemy of the good" and all that. If you are fine > with a designated authorize_cert return code, then so am I. Does your custom PKINIT module set the PA_HARDWARE flag in pkinit_server_get_flags()? That would be necessary to make PKINIT work with client principals flagged with +requires_hwauth, but perhaps you're not doing that. _______________________________________________ krbdev mailing list krbdev@mit.edu https://mailman.mit.edu/mailman/listinfo/krbdev
|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |