Nicolas Williams 855b27ccfb httpkadmind: Allow host SPNs to fetch selves ...

Combined with the synthetic_clients feature, this will allow hosts that
have a PKINIT-worthy client certificate with a SAN with their host
principals to create their own principals and "extract" their host
keytabs.  Together with some other PKIX credential bootstrapping
protocol, this can help hosts bootstrap Kerberos host credentials.

2021-06-29 14:52:07 -05:00

3.3 KiB

Raw Blame History

View Raw