[31427] in CVS-changelog-for-Kerberos-V5
krb5 commit: Clarify X509_user_identity documentation
daemon@ATHENA.MIT.EDU (ghudson@mit.edu)
Fri Apr 25 17:24:13 2025
From: ghudson@mit.edu
To: cvs-krb5@mit.edu
Message-Id: <20250425212406.A7840102D0D@krbdev.mit.edu>
Date: Fri, 25 Apr 2025 17:24:06 -0400 (EDT)
MIME-Version: 1.0
Reply-To: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/bd8b2a6a380b6b10ea1a3f90e8a1c8f775f5fc2c
commit bd8b2a6a380b6b10ea1a3f90e8a1c8f775f5fc2c
Author: Greg Hudson <ghudson@mit.edu>
Date: Fri Apr 18 12:23:10 2025 -0400
Clarify X509_user_identity documentation
Document that PKINIT identity specifier values must not contain
colons.
ticket: 9154
doc/admin/conf_files/krb5_conf.rst | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst
index e80e02eba..e0c7a6330 100644
--- a/doc/admin/conf_files/krb5_conf.rst
+++ b/doc/admin/conf_files/krb5_conf.rst
@@ -1052,8 +1052,10 @@ information for PKINIT is as follows:
a particular smard card reader or token if there is more than one
available. ``certid=`` and/or ``certlabel=`` may be specified to
force the selection of a particular certificate on the device.
- See the **pkinit_cert_match** configuration option for more ways
- to select a particular certificate to use for PKINIT.
+ Specifier values must not contain colon characters, as colons are
+ always treated as separators. See the **pkinit_cert_match**
+ configuration option for more ways to select a particular
+ certificate to use for PKINIT.
**ENV:**\ *envvar*
*envvar* specifies the name of an environment variable which has
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
