This adds a KDC configuration parameter that can be used to indicate that a PKINIT client's certificate's notAfter overrides the client principal's HDB entry's max_life. This parameter is a relative time parameter, and it enables this only if set to a non-zero value (defaults to zero). The value of this parameter caps the max_life inferred from the certificate.