More documentation about pkinit_principal_in_certificate
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25211 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
@@ -1149,6 +1149,14 @@ It possible to store the principal (if allowed by the KDC) in the
|
|||||||
certificate and thus delegate responsibility to do the mapping between
|
certificate and thus delegate responsibility to do the mapping between
|
||||||
certificates and principals to the CA.
|
certificates and principals to the CA.
|
||||||
|
|
||||||
|
This behavior is controlled by KDC configuration option:
|
||||||
|
|
||||||
|
@example
|
||||||
|
[kdc]
|
||||||
|
pkinit_principal_in_certificate = yes
|
||||||
|
@end example
|
||||||
|
|
||||||
|
|
||||||
@subsubsection Using KRB5PrincipalName in id-pkinit-san
|
@subsubsection Using KRB5PrincipalName in id-pkinit-san
|
||||||
|
|
||||||
OtherName extention in the GeneralName is used to do the
|
OtherName extention in the GeneralName is used to do the
|
||||||
@@ -1303,8 +1311,9 @@ Write about the kdc.
|
|||||||
pkinit_anchors = FILE:/path/to/trust-anchors.pem
|
pkinit_anchors = FILE:/path/to/trust-anchors.pem
|
||||||
pkinit_pool = PKCS12:/path/to/useful-intermediate-certs.pfx
|
pkinit_pool = PKCS12:/path/to/useful-intermediate-certs.pfx
|
||||||
pkinit_pool = FILE:/path/to/other-useful-intermediate-certs.pem
|
pkinit_pool = FILE:/path/to/other-useful-intermediate-certs.pem
|
||||||
pkinit_allow_proxy_certificate = false
|
pkinit_allow_proxy_certificate = no
|
||||||
pkinit_win2k_require_binding = yes
|
pkinit_win2k_require_binding = yes
|
||||||
|
pkinit_principal_in_certificate = no
|
||||||
@end example
|
@end example
|
||||||
|
|
||||||
@subsection Using pki-mapping file
|
@subsection Using pki-mapping file
|
||||||
|
|||||||
Reference in New Issue
Block a user