kdc: Add synthetic PKINIT principals option

2021-06-28 23:29:18 -05:00
parent 4a5fc6bcde
commit 00358252d3
11 changed files with 228 additions and 46 deletions
--- a/kdc/kdc.h
+++ b/kdc/kdc.h
@@ -84,11 +84,15 @@ typedef struct krb5_kdc_configuration {
    char **pkinit_kdc_cert_pool;
    char **pkinit_kdc_revoke;
    int pkinit_dh_min_bits;
+    /* XXX Turn these into bit-fields */
    int pkinit_require_binding;
    int pkinit_allow_proxy_certs;
+    int synthetic_clients;
    int pkinit_max_life_from_cert_extension;
    krb5_timestamp pkinit_max_life_from_cert;
    krb5_timestamp pkinit_max_life_bound;
+    krb5_timestamp synthetic_clients_max_life;
+    krb5_timestamp synthetic_clients_max_renew;

    krb5_log_facility *logf;