[20032] in Kerberos_V5_Development

Re: Extending certauth plugin to set ticket flags?

daemon@ATHENA.MIT.EDU (Ken Hornstein)
Sat Feb 22 09:08:17 2020

Message-ID: <202002221407.01ME7rga014113@hedwig.cmf.nrl.navy.mil>
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
To: Greg Hudson <ghudson@mit.edu>
In-Reply-To: <f20c7eab-a608-d0f6-c1c3-26652c6b2364@mit.edu>
MIME-Version: 1.0
Date: Sat, 22 Feb 2020 09:07:53 -0500
Cc: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu

>Does your custom PKINIT module set the PA_HARDWARE flag in
>pkinit_server_get_flags()?  That would be necessary to make PKINIT work
>with client principals flagged with +requires_hwauth, but perhaps you're
>not doing that.

The answer is ... yes.  Ah, crud, I had forgotten about that.  Perhaps
the right solution there is to create a configuration option in
krb5.conf/kdc.conf that will tell pkinit to set that?

--Ken

_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev