On 05/31/2014 12:13 PM, [email protected] wrote: > as you can see, the expected kdc extensions appeared in the output > certificate, but they contained no data or invalid data.
Are you judging that by the following output? > X509v3 Subject Alternative Name: > othername:<unsupported> I see the same thing in test KDC certificates. It just means that OpenSSL doesn't know how to display that type of SAN. [From your first message:] > this covers almost all if could find about the mapping file: > > pkinit_mapping_file > > Specifies the name of the ACL pkinit mapping file. This file > maps principals to the certificates that they can use. As it turns out, there is no mapping file support. All the code does is read the filename into a structure field and ignore it. I've submitted a pull request to eliminate the skeleton of this feature so it doesn't confuse anyone else. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
