From b1d26a6cbab1cac3db872bd947ac1e275ab6131e Mon Sep 17 00:00:00 2001
From: Love Hornquist Astrand <lha@h5l.org>
Date: Sun, 22 Nov 2009 17:34:57 -0800
Subject: [PATCH] load pkinit bits

---
 kdc/kdc-replay.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/kdc/kdc-replay.c b/kdc/kdc-replay.c
index 27ad2df60..a9bc38b8c 100644
--- a/kdc/kdc-replay.c
+++ b/kdc/kdc-replay.c
@@ -88,6 +88,21 @@ main(int argc, char **argv)
     if (ret)
 	krb5_err(context, 1, ret, "krb5_kdc_set_dbinfo");
 
+    if (config->enable_pkinit) {
+	if (config->pkinit_kdc_identity == NULL)
+	    krb5_errx(context, 1, "pkinit enabled but no identity");
+ 
+	if (config->pkinit_kdc_anchors == NULL)
+	    krb5_errx(context, 1, "pkinit enabled but no X509 anchors");
+
+	_kdc_pk_initialize(context, config,
+			   config->pkinit_kdc_identity,
+			   config->pkinit_kdc_anchors,
+			   config->pkinit_kdc_cert_pool,
+			   config->pkinit_kdc_revoke);
+
+    }
+
     if (argc != 2)
 	errx(1, "argc != 2");