On Thu, Apr 02, 2026 at 10:20:07PM -0400, Ken Hornstein via Kerberos wrote: > I can think of situations where you might be issued X.509 certificates > that you would want to use for authentication, rather than a keytab.
Like a TPM. Just in time to be obsoleted by the move to PQC. (Though, still, if you treat the public keys as secrets then it can be safe should we get a CRQC.) Nico -- ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
