Geoffrey Thorpe <[email protected]> writes: > As I understand it, k5start will invoke kinit periodically to handle > credential refresh, and so if kinit is configured to use pkinit to get > creds, then it would pick up the cert and key from the file system each > time kinit is invoked (rather than them being read only once when > k5start is first run). Is that correct? If so, that's once less feature > to worry about. :-)
k5start itself does not run kinit. It uses the Kerberos library calls directly. I am dubious that it would work with PKINIT from a file without some code changes. (Although also I'm not sure I understand the security model of using a PKINIT cert on disk and not a keytab.) -- Russ Allbery ([email protected]) <https://www.eyrie.org/~eagle/> ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
