[30333] in CVS-changelog-for-Kerberos-V5

home help back first fref pref prev next nref lref last post

krb5 commit [krb5-1.16]: Clarify documentation on pkinit_identities

daemon@ATHENA.MIT.EDU (Greg Hudson)
Tue Oct 30 12:26:00 2018

Date: Tue, 30 Oct 2018 12:25:52 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201810301625.w9UGPqb2008616@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu

https://github.com/krb5/krb5/commit/456e41f848861217ddf5149b9e52e3ba6d42947c
commit 456e41f848861217ddf5149b9e52e3ba6d42947c
Author: Greg Hudson <ghudson@mit.edu>
Date:   Thu Sep 6 13:20:56 2018 -0400

    Clarify documentation on pkinit_identities
    
    The documentation for pkinit_identities implies that we try harder to
    use each value before ignoring the rest, when in fact we only go as
    far as the first successful parse.  Soften the language and describe
    the most likely use case for multiple values under the current
    semantics.
    
    (cherry picked from commit e095b436d92d9aa30106509b5ccf76719e1668b3)
    
    ticket: 8733
    version_fixed: 1.16.2

 doc/admin/conf_files/krb5_conf.rst |   10 +++++-----
 1 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst
index 3d33dba..129f9b9 100644
--- a/doc/admin/conf_files/krb5_conf.rst
+++ b/doc/admin/conf_files/krb5_conf.rst
@@ -1106,11 +1106,11 @@ PKINIT krb5.conf options
 
 **pkinit_identities**
     Specifies the location(s) to be used to find the user's X.509
-    identity information.  This option may be specified multiple
-    times.  Each value is attempted in order until identity
-    information is found and authentication is attempted.  Note that
-    these values are not used if the user specifies
-    **X509_user_identity** on the command line.
+    identity information.  If this option is specified multiple times,
+    the first valid value is used; this can be used to specify an
+    environment variable (with **ENV:**\ *envvar*) followed by a
+    default value.  Note that these values are not used if the user
+    specifies **X509_user_identity** on the command line.
 
 **pkinit_kdc_hostname**
     The presense of this option indicates that the client is willing
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
home help back first fref pref prev next nref lref last post