Subject: pkinit_identities should support path substitution

On a multi-user machine, it is not convenient to set up PKINIT so that
client certificates are obtained from each user's home directory. At
best, you can specify pkinit_identities = ENV:envvarname and put an
environment variable setting in every user's dotfiles.

In 1.11 we introduced a path substitution facility borrowed from Heimdal,
which could be applied to this purpose, especially if we added a %{home}
token for the home directory.

Here is an example of an administrator wanting to use path substitution
for pkinit_identities:
http://mailman.mit.edu/pipermail/kerberos/2014-June/019922.html