[17421] in Kerberos_V5_Development
Re: PKINIT and DN Mapping support in MIT kerberos
daemon@ATHENA.MIT.EDU (Sam Hartman)
Sun Nov 27 19:53:07 2011
From: Sam Hartman <hartmans@painless-security.com>
To: Matthieu Hautreux <matthieu.hautreux@gmail.com>
Date: Sun, 27 Nov 2011 19:52:56 -0500
In-Reply-To: <CAChPGiBfkGZ514c7SX6gxfoBzU1kThhMc8STn1zPRJggpmOtPA@mail.gmail.com>
(Matthieu Hautreux's message of "Wed, 23 Nov 2011 12:02:52 +0100")
Message-ID: <tsly5v1ax07.fsf@mit.edu>
Cc: krbdev@mit.edu

I don't know of any current plans to handle this. However, we've
recently introduced the ability to store strings associated with a
principal; see
http://k5wiki.kerberos.org/wiki/Projects/Principal_entry_string_mapping .
With that code it might be relatively easy to write a patch that
permitted you to set an expected DN for a certificate for a given
principal.

I don't know of any plans to write such a patch, but if you do work on
that I'd be happy to review your work and consider it for inclusion.

--Sam