read pkinit (pki-muble) configuration options

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13144 ec53bebd-3082-4978-b11e-865c3cabbd6b

kdc/config.c

@@ -421,6 +421,40 @@ configure(int argc, char **argv)
 	require_preauth = 1;
     if (port_str == NULL)
 	port_str = "+";
+
+#ifdef PKINIT
+    enable_pkinit = krb5_config_get_bool_default(context, NULL, FALSE,
+						 "kdc",
+						 "enable-pkinit",
+						 NULL);
+    if (enable_pkinit) {
+	const char *key_file, *certificate_file, *ca_dir;
+
+	key_file = krb5_config_get_string(context, NULL,
+					  "kdc",
+					  "pki-key-file",
+					  NULL);
+	if (key_file == NULL)
+	    krb5_errx(context, 1, "pkinit enabled but no keyfile");
+
+	certificate_file = krb5_config_get_string(context, NULL,
+						  "kdc",
+						  "pki-certificate",
+						  NULL);
+	if (certificate_file == NULL)
+	    krb5_errx(context, 1, "pkinit enabled but no certificate");
+
+	ca_dir = krb5_config_get_string(context, NULL,
+					"kdc",
+					"pki-ca-dir",
+					NULL);
+	if (ca_dir == NULL)
+	    krb5_errx(context, 1, "pkinit enabled but no CA directory");
+
+	pk_initialize(certificate_file, key_file, ca_dir);
+    }
+#endif
+
 #ifdef KRB4
     if(v4_realm == NULL){
 	v4_realm = malloc(40); /* REALM_SZ */