Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.427 (Entity 5.427) Subject: pkinit_identities should support path substitution X-RT-Original-Encoding: iso-8859-1 Content-Length: 609 On a multi-user machine, it is not convenient to set up PKINIT so that client certificates are obtained from each user's home directory. At best, you can specify pkinit_identities = ENV:envvarname and put an environment variable setting in every user's dotfiles. In 1.11 we introduced a path substitution facility borrowed from Heimdal, which could be applied to this purpose, especially if we added a %{home} token for the home directory. Here is an example of an administrator wanting to use path substitution for pkinit_identities: http://mailman.mit.edu/pipermail/kerberos/2014-June/019922.html