Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
From: ghudson@mit.edu
Subject: git commit
X-RT-Original-Encoding: iso-8859-1
Content-Length: 838


Improve PKINIT certificate documentation

Describe how to use a commercially-issued server certificate for
anonymous PKINIT.  Separate the KDC and client configuration
instructions so that the steps necessary for anonymous PKINIT are not
combined with the additional steps necessary for regular PKINIT.
Describe kpServerAuth as the EKU used in commercially issued server
certificates, not as the value used by Microsoft (which does not
appear to be true according to [MS-PKCA]).

https://github.com/krb5/krb5/commit/677c7753923e5efa078074611d4474fbcc10f6a1
Author: Greg Hudson <ghudson@mit.edu>
Commit: 677c7753923e5efa078074611d4474fbcc10f6a1
Branch: master
 doc/admin/conf_files/krb5_conf.rst |    3 +-
 doc/admin/pkinit.rst               |  117 ++++++++++++++++++++++++++----------
 2 files changed, 86 insertions(+), 34 deletions(-)