From 64c7c462af38f2047eba58a042a7f62548434bf8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Wed, 29 Nov 2006 19:19:45 +0000
Subject: [PATCH] add more pkinit options.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19194 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/krb5/verify_krb5_conf.c | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/lib/krb5/verify_krb5_conf.c b/lib/krb5/verify_krb5_conf.c
index 46daa785b..b63d1eabe 100644
--- a/lib/krb5/verify_krb5_conf.c
+++ b/lib/krb5/verify_krb5_conf.c
@@ -402,7 +402,6 @@ struct entry libdefaults_entries[] = {
     { "v4_instance_resolve", krb5_config_string, check_boolean },
     { "v4_name_convert", krb5_config_list, v4_name_convert_entries },
     { "verify_ap_req_nofail", krb5_config_string, check_boolean },
-    { "pkinit-openssl-engine", krb5_config_string, NULL },
     { "max_retries", krb5_config_string, check_time },
     { "renew_lifetime", krb5_config_string, check_time },
     { "proxiable", krb5_config_string, check_boolean },
@@ -425,7 +424,12 @@ struct entry appdefaults_entries[] = {
     { "renew_lifetime", krb5_config_string, check_time },
     { "no-addresses", krb5_config_string, check_boolean },
     { "krb4_get_tickets", krb5_config_string, check_boolean },
-    { "pkinit-anchors", krb5_config_string, NULL },
+    { "pkinit_anchors", krb5_config_string, NULL },
+    { "pkinit_win2k", krb5_config_string, NULL },
+    { "pkinit_win2k_require_binding", krb5_config_string, NULL },
+    { "pkinit_require_eku", krb5_config_string, NULL },
+    { "pkinit_require_krbtgt_otherName", krb5_config_string, NULL },
+    { "pkinit_require_hostname_match", krb5_config_string, NULL },
 #if 0
     { "anonymous", krb5_config_string, check_boolean },
 #endif
@@ -501,8 +505,14 @@ struct entry kdc_entries[] = {
     { "kdc_warn_pwexpire", krb5_config_string, check_time },
     { "use_2b", krb5_config_list, NULL },
     { "enable-pkinit", krb5_config_string, check_boolean },
-    { "pki-identity", krb5_config_string, NULL },
-    { "pki-anchors", krb5_config_string, NULL },
+    { "pkinit_identity", krb5_config_string, NULL },
+    { "pkinit_anchors", krb5_config_string, NULL },
+    { "pkinit_pool", krb5_config_string, NULL },
+    { "pkinit_revoke", krb5_config_string, NULL },
+    { "pkinit_kdc_ocsp", krb5_config_string, NULL },
+    { "pkinit_principal_in_certificate", krb5_config_string, NULL },
+    { "pkinit_dh_min_bits", krb5_config_string, NULL },
+    { "pkinit_allow_proxy_certificate", krb5_config_string, NULL },
     { "hdb-ldap-create-base", krb5_config_string, NULL },
     { "v4-realm", krb5_config_string, NULL },
     { NULL }